News Document Title:
====================
Apple fixed client-side XSS issue in http exception handling


Release Date:
=============
2011-10-07


Laboratory Article:
===================
The apple product security team patched a client-side cross site scripting issue on the discussions portal.
The bug has been fixed within 12 hours after a request to the noc product security contact of apple.
The vulnerability was located on the http exception-handling output of the we are sorry module context.


Report-Timeline:
================
2011-10-05:	Vendor Notification
2011-10-06:	Vendor Response/Feedback
2011-10-07:	Vendor Fix/Patch
2011-10-07:	Public or Non-Public Disclosure

Advisory: http://www.vulnerability-lab.com/get_content.php?id=289
Credits: http://support.apple.com/kb/HT1318


Press Article: http://news.softpedia.com/news/Apple-com-Suffering-from-a-Scripting-Vulnerability-Says-Advisory-226701.shtml