A security researcher has discovered that Apple search bots that detected its podcast series leaked internal IPs due to an incorrectly configured proxy server.
For its part, Apple took a little over 9 months to fix this leak, for no apparent reason.
Applebot refers to the web program detectionof Apple that scans the web to find content for its users.
"Applebot is the web crawler for Apple. "Products like Siri and Spotlight Suggestions use Applebot," according to Apple.
Last month, security researcher and podcast creator David Coomber discovered that Applebot had used a proxy that leaked Apple's internal IP addresses.
A sample request made on the Coomber website contained both headers that revealed the internal IP address of the device behind the proxy server.
The fields listed are the external IP address of the proxy server, the requested path, the HTTP response code, the web browser user agent information, and the Via and X-Forwarded-For header values.
“Although I've seen a few misconfigured bots, I was surprised to see the Apple Podcast bot looking for updates to my podcast (Deep House Mixes) using a proxy that showed internal IPs and hostnames computers from “Via”, “X – Forwarded-For”.
