Apple Dev Center was hacked via remote code execution bug
Posted on 21 August 2013.
Apple's ever-expanding article listing researchers' credits for finding and reporting potential security issues in Apple's web servers has some new entries, and reveals that UK-based researcher Ibrahim Balic is not to blame for last month's outage of the Apple developer center.


After the dev center went offline on July 18th, Balic believed that his penetration testing efforts were the cause.

He had accessed some user details after testing one of the bugs, and saw the developer portal shut down just several hours after he made his final report. After then reading in the news about the hack and the possible involvement of legal authorities in the investigation, he panicked and tried to set the record straight online.

He publicly stated that he had recently been doing research on Apple and that he had discovered - and reported - some 13 bugs to the company.

"I did not do this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the data for the purpose of seeing how deep I can go within this scope. I have over 100.000+ users' details and Apple is informed about this. I didn't attempt to get the data first and report then, instead I have reported first," he explained.

But, as it turns out, he shouldn't have worried, as the break-in seems to have been executed via a remote code execution flaw that has since been patched. According to Mac Rumors, the issue was reported by 7dscan.com and SCANV of knownsec.com on the day of the hack.

Apple has not shared more details about the attack since the initial notice saying that an intruder tried to access personal information of their registered developers.

But, as it took them nearly three weeks to completely overhaul the developer program services and bring them back online, they did give developers a one-month extension to their developer memberships.








