Apple has released new details (via @cabel) on the security flaw that caused the Developer Center to be down for more than a week, noting via its Apple Web Server notifications page that a "remote code execution issue" was fixed.
On the site, Apple credits 7dscan.com and SCANV of www.knownsec.com for reporting the bug on July 18, which is the same day the Developer Center was taken offline. During the downtime, Apple reported that the Developer Center website had been hacked, with an intruder attempting "to secure personal information" from registered developers. The company noted that while sensitive information was encrypted, some developer names, mailing addresses, and/or email addresses may have been acquired.
The eight-day outage required a complete overhaul of Apple's developer systems and a restoration plan that slowly brought services back online.
While security researcher Ibrahim Balic speculated that he might have been behind the security breach, it is now clear that the issue he reported was unrelated to the major flaw that caused the downtime. Apple credits Ibrahim with reporting a separate iAd Workbench vulnerability on July 22. The vulnerability allowed Balic to obtain both names and Apple IDs of users.
On August 10, Apple reported that all of its developer services were back online, a full 23 days after the outage first occurred. As a result of the downtime, Apple gave all developers a one month extension on their developer memberships.
Glad its finally all resolved. I'm sure someone is trying to find the next venerability.
ven·er·a·ble (vnr--bl) adj. 1. Commanding respect by virtue of age, dignity, character, or position. 2. Worthy of reverence, especially by religious or historical association: venerable relics. 3. Venerable Abbr. Ven. or V. a. Roman Catholic Church Used as a form of address for a person who has reached the first stage of canonization. b. Used as a form of address for an archdeacon in the Anglican Church or the Episcopal Church.
vener·a·ble·ness, vener·a·bili·ty n. vener·a·bly adv.
Key word, reported, but not confirmed. So, until that time I'll assume it is also a bug in OS X Server that needs addressing. However, I'll give the benefit of doubt and also throw in that it might be the software running on top of OS X.
Because he knows what he's talking about, unlike you. OSX Server is not designed for that kind of use and would crumble under the load.
Key word, reported, but not confirmed. So, until that time I'll assume it is also a bug in OS X Server that needs addressing. However, I'll give the benefit of doubt and also throw in that it might be the software running on top of OS X.
OS X server has tons of memory overhead (like the GUI) and is not as scalable as some other solutions. Servers at enterprise level need to be as optimised for one job (granted, depends on the server) as much as possible to reduce overhead and costs.
Bottom line: If you need to host a website which has millions of viewers a day, it's just not efficient nor costfriendly do to it purely on OS X. Also one thing to add is if you look at their job applications for System administrator it's mostly for Solaris/Linux.
Think of readers whose first language isn't English. When you use unusual words with spelling that is not found in any dictionary, they can have a hard time finding out what you mean. Ibrahim Balic is quite possibly one of them.
Now whatever was said about him, he deserved it. He took actions that he shouldn't have taken and openly boasted about it. If you want to appear as the tough guy who brought Apple's developer site down, then you deserve anything that comes as a reaction.
I am confused. He did what all security researchers do. Namely try to find bugs. He then quietly reported the bugs to Apple. The site then went down the same day. The guy freaked thinking he was the cause. To try and cover himself he posted a video outlining what happened. He was clearly worried about Apple coming after him. Turns out Apple credited him with discovering another unrelated bug. The guy acted properly and never boasted.
Leaker Jon Prosser today shared ostensibly accurate renders of the iPhone 14 Pro, providing the most accurate look yet at what the device could look like when it launches later this year.
In the latest video on YouTube channel Front Page Tech, Prosser revealed renders of the iPhone 14 Pro made by Apple concept graphic designer Ian Zelbo, highlighting a range of specific design changes...
Amazon is marking down a wide variety of 11-inch and 12.9-inch iPad Pro models this week, with prices starting as low as $749.00 for the 11-inch tablet. You'll find the full list of sales below, all of which can be found on Amazon.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep...
Apple appears to have recently updated the Wallet app to allow users to add an Apple Account Card, which displays the Apple credit balance associated with an Apple ID.
If you receive an App Store or Apple Store gift card, for example, it is added to an Apple Account that was previously visible in the App Store and Apple Store apps. As of today, the Apple Account balance can also be added to...
The iPhone 14 Max is currently behind schedule by around three weeks, according to Haitong International Securities analyst Jeff Pu.
Yesterday, Nikkei Asia reported that at least one iPhone 14 model was three weeks behind schedule due to the impact of lockdowns on Apple's supply chains in China, but it was not clear which iPhone 14 model this related to. Now, Pu has clarified that the model...
Last year's iPhone 13 Pro models were the first of Apple's smartphones to come with 120Hz ProMotion displays, and while the two iPhone 14 Pro models will continue to feature the technology, their screens could well boast expanded refresh rate variability this time round.
To bring ProMotion displays to the iPhone 13 Pro models, Apple adopted LTPO panel technology with variable refresh...
Apple in February unveiled a new "Tap to Pay on iPhone" feature that will allow compatible iPhones to accept payments via Apple Pay, contactless credit and debit cards, and other digital wallets, with no additional hardware required.
Apple began testing the feature at its Apple Park Visitor Center earlier this month, and now Bloomberg's Mark Gurman has tweeted that the feature will begin...
Apple today released tvOS 15.5.1, a minor update to the tvOS operating system that first launched in September 2021. tvOS 15.5.1 comes about 10 days after the launch of tvOS 15.5. tvOS 15.5.1 can be downloaded over the air on the Apple TV through the Settings app by going to System > Software Update. Apple TV owners who have automatic software updates...
Apple on May 16 released iOS 15.5 and iPadOS 15.5, bringing improvements for Podcasts and Apple Cash, the ability to see Wi-Fi signal of HomePods, dozens of security fixes, and more.
Apple has released new details (via @cabel) on the security flaw that caused the Developer Center to be down for more than a week, noting via its Apple Web Server notifications page that a "remote code execution issue" was fixed.
Top Rated Comments
adj.
1. Commanding respect by virtue of age, dignity, character, or position.
2. Worthy of reverence, especially by religious or historical association: venerable relics.
3. Venerable Abbr. Ven. or V.
a. Roman Catholic Church Used as a form of address for a person who has reached the first stage of canonization.
b. Used as a form of address for an archdeacon in the Anglican Church or the Episcopal Church.
vener·a·ble·ness, vener·a·bili·ty n.
vener·a·bly adv.
Because he knows what he's talking about, unlike you. OSX Server is not designed for that kind of use and would crumble under the load.
Bottom line: If you need to host a website which has millions of viewers a day, it's just not efficient nor costfriendly do to it purely on OS X. Also one thing to add is if you look at their job applications for System administrator it's mostly for Solaris/Linux.
I am confused. He did what all security researchers do. Namely try to find bugs. He then quietly reported the bugs to Apple. The site then went down the same day. The guy freaked thinking he was the cause. To try and cover himself he posted a video outlining what happened. He was clearly worried about Apple coming after him. Turns out Apple credited him with discovering another unrelated bug. The guy acted properly and never boasted.