Apple Developer Center Outage Fixed 'Remote Code Execution' Flaw

xcodelogoApple has released new details (via @cabel) on the security flaw that caused the Developer Center to be down for more than a week, noting via its Apple Web Server notifications page that a "remote code execution issue" was fixed.

On the site, Apple credits 7dscan.com and SCANV of www.knownsec.com for reporting the bug on July 18, which is the same day the Developer Center was taken offline. During the downtime, Apple reported that the Developer Center website had been hacked, with an intruder attempting "to secure personal information" from registered developers. The company noted that while sensitive information was encrypted, some developer names, mailing addresses, and/or email addresses may have been acquired.

The eight-day outage required a complete overhaul of Apple's developer systems and a restoration plan that slowly brought services back online.

While security researcher Ibrahim Balic speculated that he might have been behind the security breach, it is now clear that the issue he reported was unrelated to the major flaw that caused the downtime. Apple credits Ibrahim with reporting a separate iAd Workbench vulnerability on July 22. The vulnerability allowed Balic to obtain both names and Apple IDs of users.

applesecuritysite
On August 10, Apple reported that all of its developer services were back online, a full 23 days after the outage first occurred. As a result of the downtime, Apple gave all developers a one month extension on their developer memberships.

Top Rated Comments

(View all)
Avatar
94 months ago

Glad its finally all resolved. I'm sure someone is trying to find the next venerability.

ven·er·a·ble (vnr--bl)
adj.
1. Commanding respect by virtue of age, dignity, character, or position.
2. Worthy of reverence, especially by religious or historical association: venerable relics.
3. Venerable Abbr. Ven. or V.
a. Roman Catholic Church Used as a form of address for a person who has reached the first stage of canonization.
b. Used as a form of address for an archdeacon in the Anglican Church or the Episcopal Church.

vener·a·ble·ness, vener·a·bili·ty n.
vener·a·bly adv.
Score: 3 Votes (Like | Disagree)
Avatar
94 months ago

And you know this.... how exactly?



Key word, reported, but not confirmed. So, until that time I'll assume it is also a bug in OS X Server that needs addressing. However, I'll give the benefit of doubt and also throw in that it might be the software running on top of OS X.



Because he knows what he's talking about, unlike you. OSX Server is not designed for that kind of use and would crumble under the load.
Score: 2 Votes (Like | Disagree)
Avatar
94 months ago

And you know this.... how exactly?



Key word, reported, but not confirmed. So, until that time I'll assume it is also a bug in OS X Server that needs addressing. However, I'll give the benefit of doubt and also throw in that it might be the software running on top of OS X.

OS X server has tons of memory overhead (like the GUI) and is not as scalable as some other solutions. Servers at enterprise level need to be as optimised for one job (granted, depends on the server) as much as possible to reduce overhead and costs.

Bottom line: If you need to host a website which has millions of viewers a day, it's just not efficient nor costfriendly do to it purely on OS X. Also one thing to add is if you look at their job applications for System administrator it's mostly for Solaris/Linux.
Score: 2 Votes (Like | Disagree)
Avatar
94 months ago
If they used OS X, I hope they released a patch for the system.
Score: 2 Votes (Like | Disagree)
Avatar
94 months ago

Think of readers whose first language isn't English. When you use unusual words with spelling that is not found in any dictionary, they can have a hard time finding out what you mean. Ibrahim Balic is quite possibly one of them.

Now whatever was said about him, he deserved it. He took actions that he shouldn't have taken and openly boasted about it. If you want to appear as the tough guy who brought Apple's developer site down, then you deserve anything that comes as a reaction.


I am confused. He did what all security researchers do. Namely try to find bugs. He then quietly reported the bugs to Apple. The site then went down the same day. The guy freaked thinking he was the cause. To try and cover himself he posted a video outlining what happened. He was clearly worried about Apple coming after him. Turns out Apple credited him with discovering another unrelated bug. The guy acted properly and never boasted.
Score: 1 Votes (Like | Disagree)
Avatar
94 months ago
Queue the, "Apple owes us more free time." rants.
Score: 1 Votes (Like | Disagree)

Top Stories

Early iPhone 12 Tests Show Ceramic Shield is Stronger and More Scratch Resistant Than iPhone 11 Glass

Friday October 23, 2020 1:21 pm PDT by
Apple's new iPhone 12 models are protected by a Ceramic Shield cover glass that has nano-ceramic crystals infused right into the glass to improve durability. According to Apple, Ceramic Shield offers four times better drop protection than the glass used for the iPhone 11 models. YouTube channel MobileReviewsEh conducted some tests on the iPhone 12 using a force meter to compare its performance ...

iPhone 12 Pro Allows You to Measure Someone's Height Instantly Using LiDAR Scanner

Saturday October 24, 2020 11:12 am PDT by
iPhone 12 Pro models feature a new LiDAR Scanner for enhanced augmented reality experiences, but the sensor also enables another unique feature: the ability to measure a person's height instantly using the Measure app. You can even measure the seated height of a person in a chair, according to Apple. When the Measure app detects a person in the viewfinder, it automatically measures their...

Google Reportedly Pays Apple $8-12 Billion Per Year to be Default iOS Search Engine

Sunday October 25, 2020 2:59 pm PDT by
The United States Justice Department is targeting a lucrative deal between Apple and Google as part of one of the U.S. government's largest antitrust cases, reports The New York Times. On Tuesday, the Justice Department filed an antitrust lawsuit against Google, claiming the Mountain View-based company used anticompetitive and exclusionary practices in the search and advertising markets to ...

Apple References Unreleased 2020 16-Inch MacBook Pro in Boot Camp Update

Monday October 26, 2020 8:42 am PDT by
Last week, Apple released an update for Boot Camp, its utility for running Windows on a Mac. While this update would typically be unremarkable, several of our readers noticed that the release notes reference an unreleased 2020 model of the 16-inch MacBook Pro. While this could easily be a mistake, the 16-inch MacBook Pro is nearly a year old, so it is certainly a worthy candidate for a...

Apple Warns MagSafe Charger Can Leave Circular Imprints on Leather Cases

Friday October 23, 2020 3:23 pm PDT by
If you keep your iPhone in a leather case while charging with Apple's new MagSafe Charger, the case might show circular imprints from contact with the accessory, according to a new Apple support document published today. Apple's leather cases for the iPhone 12 and iPhone 12 Pro are not available until November 6, but a MacRumors reader has already shared a photo of a circular imprint on...

iPhone 11 Pro Outlasts iPhone 12 and 12 Pro in Extensive Battery Life Test

Friday October 23, 2020 8:36 am PDT by
Arun Maini today shared a new side-by-side iPhone battery life video test on his YouTube channel Mrwhosetheboss, timing how long the new iPhone 12 and iPhone 12 Pro models last on a single charge compared to older models, with equal brightness, settings, battery health, and usage. All of the devices are running iOS 14 without a SIM card inserted. In the test, the iPhone 11 Pro outlasted both ...

PSA: Non-iPhone 12 Models Charge Super Slowly With MagSafe Charger

Friday October 23, 2020 4:11 pm PDT by
Alongside the iPhone 12 models, Apple introduced a new $39 MagSafe Charger that's meant to work with the magnets in the iPhone 12 Pro models to charge them up at a maximum of 15W. The MagSafe Charger is technically able to be used with older iPhones, but it's not a good idea because the charging with non-iPhone 12 devices is so slow. We did two tests with the iPhone XS Max, draining the...

MagSafe Charger Teardown Reveals Simple Design With Magnets and Charging Coil Encircling a Small Circuit Board

Friday October 23, 2020 7:50 am PDT by
iFixit has today shared a teardown of Apple's new MagSafe charger for the iPhone 12 and iPhone 12 Pro. An X-ray of the MagSafe charger courtesy of Creative Electron reveals the internal charging coil surrounded by a circular arrangement of magnets within the puck. The only seam that iFixit was able to leverage to open the device was where the white rubber circle meets the metal rim,...

Apple VP Kaiann Drance Interview Addresses Battery Life, MagSafe, and Power Adapter Concerns

Friday October 23, 2020 3:37 am PDT by
Apple's Vice President of iPhone Marketing, Kaiann Drance, has provided a new interview to Rich DeMuro on the Rich on Tech Podcast, to discuss the iPhone 12 and iPhone 12 Pro. Although much of the interview repeated points from Apple's "Hi, Speed" event, there were a number of interesting tidbits regarding the affect of 5G on battery life, MagSafe concerns, and the lack of a power adapter in...

iFixit Shares Full iPhone 12 and 12 Pro Teardown Revealing Interchangeable Displays and Batteries

Saturday October 24, 2020 1:48 pm PDT by
After live streaming a teardown of the iPhone 12 and iPhone 12 Pro earlier this week, iFixit today provided a more in-depth teardown that goes through all of the components in the new devices, revealing several similarities between the two. Early testing conducted by iFixit shows that the iPhone 12 and 12 Pro displays are interchangeable and can be swapped without issue, though the max...