Hello, I am Aaditya Purani, and I found a CSRF (Cross-Site Request Forgery) on Beats by Dr. Dre which could lead to full account takeover and information change by just sending a maliciously crafted link to the user.

Proof of Concept:

<input type="hidden" name="zip" value="" />

Response:
{"isCustomerSavedSuccessfully": true, "unsubscribeStatus": null} -> Attack successful
{"isCustomerSavedSuccessfully": false, "unsubscribeStatus": null} -> Attack unsuccessful

Clicking on this link would change the details of any user.

I have written a complete blog here: https://aadityapurani.com/2016/07/20/how-i-hacked-your-beats-account-apple-bug-bounty/

Video PoC: https://youtu.be/2SfmmWxiDck

Apple has acknowledged me in their Hall of Fame: https://support.apple.com/en-us/HT201536

*Timeline:*
October 8th 2015 - Reported
October 23rd 2015 - Triaged
November 6th 2015 - Responded that "Matter is being investigated"
January 18th 2016 - Fixed
June 20th 2016 - Acknowledged
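As an added illustration (not code from the post or from Beats/Apple), the two server-side checks whose absence lets a hidden-field form submitted from a third-party page change a logged-in user's profile. The handler mirrors the JSON shape quoted above; the origin, session id and field names are hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Constructed example: a minimal profile-update handler with a synchronizer
# token and an Origin/Referer check. SITE_ORIGIN is a hypothetical first-party
# origin; SERVER_SECRET is a per-process key used only to derive tokens.
SITE_ORIGIN = "https://www.example-shop.test"
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the victim's session; a cross-site page cannot read or forge it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(headers: dict) -> bool:
    """Browsers attach Origin (or at least Referer) to cross-site form POSTs.
    A missing or foreign value means the request did not come from our pages."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    p = urlparse(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def save_customer(session_id: str, headers: dict, form: dict) -> dict:
    """Return the same JSON shape as the post. The flag is only true when the
    request is same-origin AND carries the token tied to this session."""
    expected = issue_csrf_token(session_id)
    token_ok = hmac.compare_digest(form.get("csrf_token", ""), expected)
    if not origin_allowed(headers) or not token_ok:
        return {"isCustomerSavedSuccessfully": False, "unsubscribeStatus": None}
    # ... persist form["zip"] and the other profile fields for this session here ...
    return {"isCustomerSavedSuccessfully": True, "unsubscribeStatus": None}
```

Without the token check, a request that merely carries the victim's session cookie (which the browser adds automatically) would reach the persist step, which is the condition the post describes.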