A post to Apple's Web Server Notifications webpage shows a research team reported a security threat that coincides with the Developer Center's takedown, suggesting the vulnerability is to blame for the portal's weeks-long outage.
The website, through which Apple gives credit to those who have reported potential threats to its servers, notes that a remote code execution issue was addressed on June 18, the same day Apple's Dev Center was taken offline. As pointed out by TechCrunch, the report notates the problem as being associated with "developer.apple.com," the address of Apple's Developer Center.
Apple offers no further information regarding the remote code execution threat, but does credit "7dscan.com" and "SCANV" of www.knownsec.com for discovering and reporting the issue. 7Dscan.com is also cited as finding another remote code execution issue with Apple's Express Lane tech support service.
The new information runs counter to statements made by researcher Ibrahim Balic, who claimed responsibility for Apple's self-imposed downtime days after the dev portal was pulled. At the time, Balic said he discovered and reported 13 bugs to Apple, along with user details of 73 Apple employees.
Balic is, however, credited as finding an iAd Workbench bug related to an information disclosure issue. The problem was addressed on the day Balic came forward with his claims.
The specifics of Apple's Dev Center downtime have yet to be explained. Apple has revealed little in its subsequent updates to developers, though the company did announce that an "intruder" attempted to glean personal information from a database of registered developer accounts. Sensitive data was encrypted, though Apple could not rule out the possibility that at least some information was accessed.
About one week later, portions of the Dev Center were reactivated as Apple worked to bring the website back online with newly installed safeguards.
The Dev Center was finally brought back online earlier this month after what amounted to a three week downtime.
6 Comments
Not good. Plus I thought they build it from the ground up, making this threat 'disappear'.
[quote name="PhilBoogie" url="/t/159142/apples-dev-center-outage-attributed-to-remote-code-execution-issue#post_2383089"]Not good. Plus I thought they build it from the ground up, making this threat 'disappear'.[/quote] They did fix it. Read the article before you comment. It is talking about last months outage.
They should cut off the hands of those that create malicious virus and malware attacks, unless they keep it in a controlled environment and it doesn't affect production systems.
Replace the "hands" with, their head. Of course I've advocated this method for all thieves. Who on here is willing to come to their defense?
[quote name="NasserAE" url="/t/159142/apples-dev-center-outage-attributed-to-remote-code-execution-issue#post_2383099"]They did fix it. Read the article before you comment. It is talking about last months outage.[/quote] Well that was stupid of me. Thanks for pointing it out.