Apple Dev Center was hacked via remote code execution bug
Posted on 21 August 2013.
Apple's ever-expanding article crediting researchers for finding and reporting potential security issues in Apple's web servers has some new entries, and reveals that UK-based researcher Ibrahim Balic is not to blame for last month's outage of the Apple developer center.

After the dev center went offline on July 18th, Balic believed that his penetration testing efforts were the cause.

He had accessed some user details while testing one of the bugs, and saw the developer portal shut down just several hours after he made his final report. After then reading in the news about the hack and the possible involvement of legal authorities in the investigation, he panicked and tried to set the record straight online.

He publicly stated that he had recently been doing research on Apple and that he had discovered - and reported - some 13 bugs to the company.

"I did not do this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the data for the purpose of seeing how deep I can go within this scope. I have over 100.000+ users' details and Apple is informed about this. I didn't attempt to get the data first and report then, instead I have reported first," he explained.

But, as it turns out, he shouldn't have worried, as the break-in seems to have been executed via a remote code execution flaw that has since been patched. According to Mac Rumors, the issue was reported by and SCANV of on the day of the hack.

Apple has not shared more details about the attack since the initial notice saying that an intruder tried to access personal information of their registered developers.

But, as it took them nearly three weeks to completely overhaul the developer program services and bring them back online, they did extend developer memberships by one month.
