Apple Dev Center was hacked via remote code execution bug
Posted on 21 August 2013.
Apple's ever-expanding article listing researchers' credits for finding and reporting potential security issues in Apple's web servers has some new entries, and reveals that UK-based researcher Ibrahim Balic is not to blame for last month's outage of the Apple developer center.


After the dev center went offline on July 18th, Balic believed that his penetration testing efforts were the cause.

He had accessed some user details while testing one of the bugs, and saw the developer portal shut down just several hours after he made his final report. After reading in the news about the hack and the possible involvement of legal authorities in the investigation, he panicked and tried to set the record straight online.

He publicly stated that he had recently been doing research on Apple and that he had discovered - and reported - some 13 bugs to the company.

"I did not done this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the datas for the purpose of seeing how deep I can go within this scope. I have over 100.000+ users details and Apple is informed about this. I didn't attempt to get the datas first and report then, instead I have reported first," he explained.

But, as it turns out, he shouldn't have worried, as the break-in seems to have been executed via a remote code execution flaw that has since been patched. According to Mac Rumors, the issue was reported by 7dscan.com and SCANV of knownsec.com on the day of the hack.

Apple has not shared more details about the attack since the initial notice saying that an intruder tried to access personal information of their registered developers.

But, as it took them nearly three weeks to completely overhaul the developer program services and bring them back online, they did give developers a one-month extension to their developer memberships.









Copyright 1998-2014 by Help Net Security.