Apple Cut Ties With Supplier Super Micro Computer Over Server Security Concerns

by

Apple cut ties with server supplier Super Micro Computer in 2016 after unearthing a potential security vulnerability in at least one of its data center servers, reports The Information.

The vulnerability in the server, which was part of Apple's technical infrastructure powering its web-based services, was discovered in the early months of 2016. According to Super Micro senior vice president of technology Tau Leng, Apple ended its business relationship with Super Micro Computer shortly after uncovering the security issue.


Leng's account of the incident makes it sound like Apple received bad firmware from an FTP site hosted by Super Micro that may have been infiltrated, which may have compromised the server.

According to Leng, when Apple was asked to provide the version number of the firmware it had downloaded after experiencing issues, Apple provided an invalid number. After that, Apple refused to provide more information to Super Micro.

Mr. Leng said Super Micro regularly provides firmware updates that data center customers like Apple can download from a private "FTP" site, hosted by Super Micro. He said the firmware updates come from outside chip manufacturers--in this case, a networking chip maker that he declined to name.

Sources who spoke to The Information said servers that handled Siri requests and App Store search functionality may have been compromised, but an Apple spokesperson said Apple did not receive bad firmware nor was any customer data stolen.

"Apple is deeply committed to protecting the privacy and security of our customers and the data we store," the spokesperson told The Information. "We are constantly monitoring for any attacks on our systems, working closely with vendors and regularly checking equipment for malware."

It's not quite clear what caused the vulnerability that led to the end of the agreement between Super Micro and Apple, but Apple has since moved on to other server suppliers, increasing orders from ZT and purchasing servers from Inspur.

Top Rated Comments

(View all)
Avatar
47 months ago
Funny to think Apple once made their own servers.
Score: 9 Votes (Like | Disagree)
Avatar
47 months ago

problem was that they weren't using SFTP to start with.

No, we don't know that. We are reading hearsay from the fired vendor and the word FTP is in quotation marks, so it possibly could have been SFTP.

SFTP doesn't guarantee that the downloads are clean or that the download server is safe, only that the download connection itself is secure.

Furthermore, both Supermicro and Apple contradict each other. Either someone is not telling the full truth or possibly both are not telling the complete truth. There's really no way to ascertain what happened from this article and we may never will.

The only real takeaway from this article is that Apple no longer sources server hardware from Supermicro. The rest of the words you can flush down the toilet.

My guess is that Mr. Leng is violating a confidentiality clause by discussing this with the media. If that is the case, it is likely that SuperMicro will never do business with Apple Inc. again as long as Tim Cook is in charge.

SuperMicro just burnt a bridge. Too bad for them.
Score: 6 Votes (Like | Disagree)
Avatar
47 months ago
Terror of dependency. Good play, Apple.
Score: 4 Votes (Like | Disagree)
Avatar
47 months ago
problem was that they weren't using SFTP to start with.
Score: 3 Votes (Like | Disagree)
Avatar
47 months ago
So maybe your iPhone is encrypted & secure... but apple's server farms are made by third parties and that's where the vulnerability lies. Dont get to cozy with iCloud.
Score: 3 Votes (Like | Disagree)
Avatar
47 months ago
Well apple, its time to make your own servers again :)
Score: 3 Votes (Like | Disagree)

Top Stories

Leaker: 'iPhone 12 mini' and iPhone 12 Storage Capacities Start at 64GB, Pro Models at 128GB

Tuesday September 29, 2020 2:31 am PDT by
Rumors suggest Apple's iPhone 12 launch event will be held on October 13, with the more affordable 5.4 and 6.1-inch devices set to ship out ahead of the more expensive 6.1-inch and 6.7-inch Pro devices, and this morning hit-and-miss leaker Jon Prosser has further committed to that date by providing alleged details on Apple's first shipment of finalized iPhone 12 units. Prosser claims the...

Hands-On With iOS 14.2's New Shazam Music Recognition Toggle in Control Center

Monday September 28, 2020 2:35 pm PDT by
Shortly after launching iOS 14, Apple introduced an upcoming iOS 14.2 update, which is now available to developers and public beta testers ahead of a public release that could come at some point in October. Subscribe to the MacRumors YouTube channel for more videos. The iOS 14.2 update mainly focuses on the Control Center, introducing a new Music Recognition toggle that deepens the Shazam...

iPhone 12 'Pro Max' Model to Sport Unique High-End Features

Wednesday September 30, 2020 2:01 am PDT by
The upcoming "iPhone 12 Pro Max" is anticipated to have a number of unique high-end features not found on any other iPhone, such as its screen size, LiDAR scanner, faster 5G, and potentially a higher display refresh rate. The iPhone 12 Pro Max is also expected to be the largest ever iPhone, with a 6.7-inch display. Previously, the largest iPhones have been 6.5-inches in the iPhone XS Max and ...

DigiTimes: 12.9-inch Mini-LED iPad Pro Arriving Early 2021, Mini-LED MacBook Coming Later

Tuesday September 29, 2020 4:18 am PDT by
Apple will launch a 12.9-inch mini LED-backlit iPad Pro in early 2021 and a mini LED-backlit MacBook in the second-half of next year, according to DigiTimes. The Taiwan-based industry publication claims Epistar will supply the over-10,000 mini LEDs used in each iPad Pro tablet. Meanwhile, Apple is expected to recruit Osram Opto as another supplier of mini LEDs for use in a new "high-end"...

iOS 14.2 Suggests Apple Won't Include EarPods in the Box With iPhone 12

Tuesday September 29, 2020 2:19 pm PDT by
Rumors have suggested that Apple's iPhone 12 models will not include power adapters or EarPods in the box, and a minor code tweak in iOS 14.2 seemingly confirms Apple's plan to sell the new devices without EarPods. In iOS 14 and earlier versions of iOS, there's a mention of reducing exposure to RF energy by using the "supplied headphones," which is the same wording that Apple has used for...

iPhone 12 Production Lines at Foxconn's Zhengzhou Factory in China Running '24 Hours a Day'

Tuesday September 29, 2020 3:38 am PDT by
Apple contract manufacturer Foxconn is running its massive Zhengzhou factory in China 24 hours a day to produce the new iPhone 12, according to Chinese media reports. Apple's main iPhone manufacturer in China is said to be cancelling workers' holidays and introducing mandatory overtime with additional bonuses for longer-serving staff, according to information garnered from employees,...

iPhone 12 May Launch Earlier Than Usual in South Korea

Monday September 28, 2020 5:24 am PDT by
The upcoming iPhone 12 lineup may launch earlier than usual in South Korea, reports The Korea Herald. South Korean telecoms firms speaking to The Korea Herald have said that the iPhone 12 lineup will launch ahead of its usual schedule. Normally, the release of new iPhones in South Korea comes about one month after launch in the United States. Last year, the iPhone 11 arrived in South Korea ...

iOS 14.2 Beta 2 Adds New Emoji Characters like Ninja, Pinata, Bubble Tea, Polar Bear and More

Tuesday September 29, 2020 11:22 am PDT by
The second beta of iOS 14.2 introduces the new Emoji 13 characters that Apple previewed earlier this year as part of World Emoji Day. New emoji options include ninja, people hugging, black cat, bison, fly, polar bear, blueberries, fondue, bubble tea, and more, with a list below. Faces - Smiling Face with Tear, Disguised Face People - Ninja, Person in Tuxedo, Woman in Tuxedo, Person...

Epic Games Unlikely to Win Injunction in Ongoing Fortnite Battle With Apple, Jury Trial Possible

Monday September 28, 2020 1:14 pm PDT by
The ongoing legal dispute between Apple and Epic Games continued on today, with a preliminary injunction hearing taking place this morning. We're still waiting to hear the judge's official ruling, but it looks like Epic is not going to be granted an injunction to allow Fortnite back into the App Store as the case unfolds. Many of the arguments that lawyers for Apple and Epic Games made were...

Apple Releases Ninth Beta of macOS Big Sur to Developers

Tuesday September 29, 2020 10:07 am PDT by
Apple today seeded the Ninth beta of an upcoming macOS Big Sur update to developers for testing purposes, a week after releasing the eighth beta and more than two months after the new update was unveiled at the Worldwide Developers Conference. The macOS Big Sur beta can be downloaded through the Apple Developer Center and once the appropriate profile is installed, subsequent betas will be...