Apple Developer Center Outage Fixed 'Remote Code Execution' Flaw

xcodelogoApple has released new details (via @cabel) on the security flaw that caused the Developer Center to be down for more than a week, noting via its Apple Web Server notifications page that a "remote code execution issue" was fixed.

On the site, Apple credits 7dscan.com and SCANV of www.knownsec.com for reporting the bug on July 18, which is the same day the Developer Center was taken offline. During the downtime, Apple reported that the Developer Center website had been hacked, with an intruder attempting "to secure personal information" from registered developers. The company noted that while sensitive information was encrypted, some developer names, mailing addresses, and/or email addresses may have been acquired.

The eight-day outage required a complete overhaul of Apple's developer systems and a restoration plan that slowly brought services back online.

While security researcher Ibrahim Balic speculated that he might have been behind the security breach, it is now clear that the issue he reported was unrelated to the major flaw that caused the downtime. Apple credits Ibrahim with reporting a separate iAd Workbench vulnerability on July 22. The vulnerability allowed Balic to obtain both names and Apple IDs of users.

applesecuritysite
On August 10, Apple reported that all of its developer services were back online, a full 23 days after the outage first occurred. As a result of the downtime, Apple gave all developers a one month extension on their developer memberships.

Popular Stories

iOS 18 CarPlay Feature

iOS 18 Adds These 5 New Features to CarPlay

Thursday June 13, 2024 7:44 am PDT by
Apple did not mention CarPlay during its WWDC keynote this week, but iOS 18 includes a handful of new features for the in-car software. Overall, there is not a whole lot new for CarPlay on iOS 18, with changes seemingly limited to the Messages and Settings apps so far. Below, we recap everything new for CarPlay on iOS 18. New for CarPlay on iOS 18 1. Contact Photos in Messages App...
iOS 18 Wallet Feature

Here's What's New in Apple Wallet on iOS 18 for Event Tickets and More

Friday June 14, 2024 7:32 am PDT by
iOS 18 includes a handful of enhancements to the Wallet app on the iPhone, with new features for Apple Pay, Apple Cash, event tickets, and more. Below, we outline everything new for the Wallet app on iOS 18, based on information from Apple's press release and a WWDC 2024 coding session. Redesigned Event Tickets Event tickets have an all-new design in the Wallet app on iOS 18, complete...
apple watch series 9 display

Kuo: Apple Watch Series 10 to Get Larger Screen and Thinner Design

Monday June 17, 2024 1:20 am PDT by
This year's Apple Watch Series 10 will be thinner and come in larger screen sizes than previous models, according to Apple analyst Ming-Chi Kuo. In his latest industry note -10-and-98075c44ce92">shared on Medium, Kuo said the screen size options on the next-generation Apple Watch will increase from 41mm to 45mm, and from 45mm to 49mm, while being encased in a thinner design. For reference,...
maxresdefault

First Look at Messages via Satellite in iOS 18

Thursday June 13, 2024 11:29 am PDT by
Apple has been gradually expanding its suite of satellite connectivity features for iPhone, and iOS 18 brings a significant new one in the form of Messages via satellite. The feature allows users to send and receive iMessages and SMS texts, including emoji and Tapbacks, while out of range of cellular and Wi-Fi networks. CNET met up with Apple's senior director of platform product marketing,...
iOS 18 Siri Integrated Feature

You Can Give Siri a New Name With iOS 18's Vocal Shortcuts

Friday June 14, 2024 4:33 pm PDT by
Apple in iOS 18 added a Vocal Shortcuts accessibility feature, and now that iOS 18 is available in a beta capacity, users have figured out that this option can be used to give Siri a new wake word. With Vocal Shortcuts, you can assign a custom phrase that Siri can understand to launch shortcuts and complete "complex tasks," and one of the shortcuts you can set up is an alternative for "Hey...

Top Rated Comments

bbeagle Avatar
141 months ago
Glad its finally all resolved. I'm sure someone is trying to find the next venerability.
ven·er·a·ble (vnr--bl)
adj.
1. Commanding respect by virtue of age, dignity, character, or position.
2. Worthy of reverence, especially by religious or historical association: venerable relics.
3. Venerable Abbr. Ven. or V.
a. Roman Catholic Church Used as a form of address for a person who has reached the first stage of canonization.
b. Used as a form of address for an archdeacon in the Anglican Church or the Episcopal Church.

vener·a·ble·ness, vener·a·bili·ty n.
vener·a·bly adv.
Score: 3 Votes (Like | Disagree)
macsrcool1234 Avatar
141 months ago
And you know this.... how exactly?



Key word, reported, but not confirmed. So, until that time I'll assume it is also a bug in OS X Server that needs addressing. However, I'll give the benefit of doubt and also throw in that it might be the software running on top of OS X.


Because he knows what he's talking about, unlike you. OSX Server is not designed for that kind of use and would crumble under the load.
Score: 2 Votes (Like | Disagree)
mdnz Avatar
141 months ago
And you know this.... how exactly?



Key word, reported, but not confirmed. So, until that time I'll assume it is also a bug in OS X Server that needs addressing. However, I'll give the benefit of doubt and also throw in that it might be the software running on top of OS X.
OS X server has tons of memory overhead (like the GUI) and is not as scalable as some other solutions. Servers at enterprise level need to be as optimised for one job (granted, depends on the server) as much as possible to reduce overhead and costs.

Bottom line: If you need to host a website which has millions of viewers a day, it's just not efficient nor costfriendly do to it purely on OS X. Also one thing to add is if you look at their job applications for System administrator it's mostly for Solaris/Linux.
Score: 2 Votes (Like | Disagree)
jav6454 Avatar
141 months ago
If they used OS X, I hope they released a patch for the system.
Score: 2 Votes (Like | Disagree)
Terrin Avatar
141 months ago
Think of readers whose first language isn't English. When you use unusual words with spelling that is not found in any dictionary, they can have a hard time finding out what you mean. Ibrahim Balic is quite possibly one of them.

Now whatever was said about him, he deserved it. He took actions that he shouldn't have taken and openly boasted about it. If you want to appear as the tough guy who brought Apple's developer site down, then you deserve anything that comes as a reaction.

I am confused. He did what all security researchers do. Namely try to find bugs. He then quietly reported the bugs to Apple. The site then went down the same day. The guy freaked thinking he was the cause. To try and cover himself he posted a video outlining what happened. He was clearly worried about Apple coming after him. Turns out Apple credited him with discovering another unrelated bug. The guy acted properly and never boasted.
Score: 1 Votes (Like | Disagree)
rdlink Avatar
141 months ago
Queue the, "Apple owes us more free time." rants.
Score: 1 Votes (Like | Disagree)