22 Jul 2013

Security Research breaches 13 weaknesses in Apple Developer site

The following letter was sent to Apple Developer Portal users after the site's several-day downtime:

Apple Developer Website Update

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.

Ibrahim Balic, an independent security researcher, claimed his efforts were not intended to be malicious and that he reported all of the vulnerabilities that he found to Apple. He reported 13 bugs, including access to 73 Apple employee user accounts.
