08-21-2013, 03:40 AM #1
Remote Code Execution Issue Identified as Cause for Apple's Dev Center Outage
A recent post to Apple’s Web Server Notifications webpage shows that a research team recently reported a security threat that coincides with the Developer Center’s takedown, suggesting the vulnerability is to blame for the portal’s weeks-long outage. It was noted that a remote code execution issue was addressed on June 18, the same day Apple’s Dev Center was taken offline. As pointed out by the folks at TechCrunch, the report lists the problem as being associated with “developer.apple.com,” the address of Apple’s Developer Center.
Apple offers no further information regarding the remote code execution threat but does credit “7dscan.com” and “SCANV” of www.knownsec.com for discovering and reporting the issue. 7DScan.com was also cited as finding another remote code execution issue with Apple’s Express Lane tech support service. The new information runs counter to statements made by researcher Ibrahim Balic, who claimed responsibility for Apple’s downtime days after the Dev Portal was pulled. At the time, Balic said he discovered and reported 13 bugs to Apple, along with user details of 73 Apple employees. Balic is, however, credited with finding an iAd Workbench bug related to an information disclosure issue. The problem was addressed on the day Balic came forward with his claims.
The Cupertino, California company hasn’t explained any specifics regarding the downtime. It revealed little in subsequent updates to its developers, though it did announce that an “intruder” attempted to glean personal information from a database of registered developer accounts. Sensitive data was encrypted, though Apple could not rule out the possibility that at least some information was accessed. Roughly one week after the incident, the Dev Center was reactivated as Apple worked to bring the website back online with newly installed safeguards. The Dev Center as a whole was finally brought back online earlier this month after a three-week downtime.