Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Apple Developer Center Outage Fixed 'Remote Code Execution' Flaw  (Read 335 times)
HCK
Global Moderator
Hero Member
*****
Posts: 79425
« on: August 20, 2013, 11:00:36 pm »
Apple Developer Center Outage Fixed 'Remote Code Execution' Flaw

Apple has released new details (via @cabel) on the security flaw that caused the Developer Center to be down for more than a week, noting via its Apple Web Server notifications page that a "remote code execution issue" was fixed.   On the site, Apple credits 7dscan.com and SCANV of www.knownsec.com for reporting the bug on July 18, which is the same day the Developer Center was taken offline. During the downtime, Apple reported that the Developer Center website had been hacked, with an intruder attempting "to secure personal information" from registered developers. The company noted that while sensitive information was encrypted, some developer names, mailing addresses, and/or email addresses may have been acquired.   The eight-day outage required a complete overhaul of Apple's developer systems and a restoration plan that slowly brought services back online.   While security researcher Ibrahim Balic speculated that he might have been behind the security breach, it is now clear that the issue he reported was unrelated to the major flaw that caused the downtime. Apple credits Ibrahim with reporting a separate iAd Workbench vulnerability on July 22. The vulnerability allowed Balic to obtain both names and Apple IDs of users.     On August 10, Apple reported that all of its developer services were back online, a full 23 days after the outage first occurred. As a result of the downtime, Apple gave all developers a one month extension on their developer memberships.   Recent Mac and iOS Blog Stories • 'Star Trek Into Darkness' Gets Early Release on iTunes with Bundle Deal • Conde Nast Introduces 'All Access' Partnership with Amazon to Sell Digital and Print Subscriptions • Plants vs. Zombies 2 Downloaded 16 Million Times Worldwide, New Content Coming • Nuance Adopts 'Poison Pill' Measure After Carl Icahn's Apple Investment • TiVo Introduces 'Roamio' DVR That Streams Live and Recorded Shows to iOS Devices • Google Brings Waze Features to Google Maps for iOS and Android • 'Dungeons & Dragons: Arena of War' Coming to iOS Later This Month, Offering Exclusive Character Upgrade • Logitech Announces Two New Folio Accessories for iPad Mini    
 


http://www.macrumors.com/2013/08/20/apple-developer-center-outage-fixed-remote-code-execution-flaw/
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to: