or Connect
AppleInsider › Forums › General › General Discussion › Apple's Dev Center outage attributed to remote code execution issue
New Posts  All Forums:Forum Nav:

Apple's Dev Center outage attributed to remote code execution issue

post #1 of 7
Thread Starter 
A post to Apple's Web Server Notifications webpage shows a research team reported a security threat that coincides with the Developer Center's takedown, suggesting the vulnerability is to blame for the portal's weeks-long outage.

Credit
Reported Dev Center downtime credit highlighted in red. | Source: Apple


The website, through which Apple gives credit to those who have reported potential threats to its servers, notes that a remote code execution issue was addressed on June 18, the same day Apple's Dev Center was taken offline. As pointed out by TechCrunch, the report notates the problem as being associated with "developer.apple.com," the address of Apple's Developer Center.

Apple offers no further information regarding the remote code execution threat, but does credit "7dscan.com" and "SCANV" of www.knownsec.com for discovering and reporting the issue. 7Dscan.com is also cited as finding another remote code execution issue with Apple's Express Lane tech support service.

The new information runs counter to statements made by researcher Ibrahim Balic, who claimed responsibility for Apple's self-imposed downtime days after the dev portal was pulled. At the time, Balic said he discovered and reported 13 bugs to Apple, along with user details of 73 Apple employees.

Balic is, however, credited as finding an iAd Workbench bug related to an information disclosure issue. The problem was addressed on the day Balic came forward with his claims.

The specifics of Apple's Dev Center downtime have yet to be explained. Apple has revealed little in its subsequent updates to developers, though the company did announce that an "intruder" attempted to glean personal information from a database of registered developer accounts. Sensitive data was encrypted, though Apple could not rule out the possibility that at least some information was accessed.

About one week later, portions of the Dev Center were reactivated as Apple worked to bring the website back online with newly installed safeguards.

The Dev Center was finally brought back online earlier this month after what amounted to a three week downtime.
post #2 of 7
Not good. Plus I thought they build it from the ground up, making this threat 'disappear'.
How to enter the Apple logo  on iOS:
/Settings/Keyboard/Shortcut and paste in  which you copied from an email draft or a note. Screendump
Reply
How to enter the Apple logo  on iOS:
/Settings/Keyboard/Shortcut and paste in  which you copied from an email draft or a note. Screendump
Reply
post #3 of 7
Quote:
Originally Posted by PhilBoogie View Post

Not good. Plus I thought they build it from the ground up, making this threat 'disappear'.

They did fix it. Read the article before you comment. It is talking about last months outage.
post #4 of 7
They should cut off the hands of those that create malicious virus and malware attacks, unless they keep it in a controlled environment and it doesn't affect production systems.
post #5 of 7

Replace the "hands" with, their head. Of course I've advocated this method for all thieves. Who on here is willing to come to their defense?

post #6 of 7
Quote:
Originally Posted by NasserAE View Post

They did fix it. Read the article before you comment. It is talking about last months outage.

Well that was stupid of me. Thanks for pointing it out.
How to enter the Apple logo  on iOS:
/Settings/Keyboard/Shortcut and paste in  which you copied from an email draft or a note. Screendump
Reply
How to enter the Apple logo  on iOS:
/Settings/Keyboard/Shortcut and paste in  which you copied from an email draft or a note. Screendump
Reply
post #7 of 7
l
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Apple's Dev Center outage attributed to remote code execution issue