Apple’s iTunes Affiliates site briefly subjected to image swaps
November 3, 2009 by admin
Filed under: Hacks, iTunes, Apple
Our friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a cross-site URL trick, letting you substitute your own images for the ones normally displayed on the page. Since the site is intended to let websites display a custom top banner, this was ‘as designed’ — at least until jokesters began taking advantage.
The trick works (or at least, it did) by taking the default URL from the web browser and replacing a few things like the artist name, album name, album thumbnail source and the image link.
The Internet moves pretty fast, though. As I was typing this, Apple removed the top banner altogether, preventing the customized image display. No more pranks for us.
In any case, OS X Daily pointed out that the image issue could allow malicious folks to redirect would-be Apple visitors to malware sites.
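One way a page that builds its banner from URL parameters can keep the image source and link pinned to hosts it trusts, shown here as an added example (not code from the original post or from Apple). The parameter names `artist`, `album`, `thumb` and `link` and the `example.com` hosts are hypothetical.

```javascript
// Added example: server-side validation of URL-supplied banner fields.
// Parameter names and hosts are hypothetical placeholders, not Apple's.
const ALLOWED_IMAGE_HOSTS = new Set(["images.example.com"]);
const ALLOWED_LINK_HOSTS = new Set(["store.example.com"]);

// Return a normalized https URL if `value` points at an allowed host, else null.
function checkedUrl(value, allowedHosts) {
  let u;
  try {
    u = new URL(value); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (u.protocol !== "https:") return null; // rejects javascript:, data:, http:
  if (u.username || u.password || u.port) return null; // rejects allowed-host@other-host forms
  if (!allowedHosts.has(u.hostname)) return null; // exact host match, no suffix matching
  return u.href;
}

// Escape text fields before they are placed into HTML.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build banner data from a request URL.
// Returns null when any URL field fails validation, so the caller renders the default banner.
function bannerFromRequest(requestUrl) {
  const q = new URL(requestUrl).searchParams;
  const img = checkedUrl(q.get("thumb") ?? "", ALLOWED_IMAGE_HOSTS);
  const link = checkedUrl(q.get("link") ?? "", ALLOWED_LINK_HOSTS);
  if (!img || !link) return null;
  return {
    artist: escapeHtml(q.get("artist") ?? ""),
    album: escapeHtml(q.get("album") ?? ""),
    img,
    link,
  };
}
```

Falling back to the default banner on any failed check means a tampered URL shows the normal page instead of a partly customized one.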
Props to Apple’s web development team, though, for taking this down within the ten minutes it took me to finish the post.
Apple’s iTunes Affiliates site briefly subjected to image swaps originally appeared on The Unofficial Apple Weblog (TUAW) on Tue, 03 Nov 2009 20:00:00 EST. Please see our terms for use of feeds.