Security Specialist talked about hacking Apple Developer Center
Since Thursday, Apple Developer Center has been closed for some kind of work. The developers were wondering what happened, whether this is a new iOS beta or planned work. And the more time since the closing took place, the more speculation arose about this. Typically, such work is completed within a few hours.
This morning, developers registered with the Developer Center received a letter that read:
Almost at the same time as this news, news came from TNW: " A security specialist reported a vulnerability found, but did not steal data ." It turns out that security specialist Ibrahim Balic (İbrahim Baliç) was looking for vulnerabilities in Apple sites. He found 13 vulnerabilities and reported them to Apple via bugreport.apple.com . In the description of one of the vulnerabilities that allowed access to the personal information of developers, Ibrahim cited the personal data of 73 Apple employees. As he writes: “solely to show the hacking process and help Apple fix the vulnerability.”
')
Some time later, a video appeared from which it was clear that he had gained access to more than 100,000 entries and it is even possible to see how the process of obtaining these developers went and what data he had access to. And all this is “just to check how deep I can get”
PS If you have an account in the Apple Developer Center - do not forget to change the password as soon as possible .
PPS There was not enough karma to transfer to the Apple hub. :(
This morning, developers registered with the Developer Center received a letter that read:
On Thursday, a hacker attempted to gain access to the personal information of registered developers. Important personal information was encrypted and could not be accessed; however, we do not exclude the possibility that a cracker could gain access to the names of some developers, their email addresses and email addresses. We stopped the work of the site immediately and since Thursday we have been working around the clock.
To eliminate the threat of this kind in the future, we update the software on the servers, completely rebuild the database and reinstall everything on the developers' computers. We apologize for any inconvenience due to the inaccessibility of the site and we hope that it will resume work in the near future.
Almost at the same time as this news, news came from TNW: " A security specialist reported a vulnerability found, but did not steal data ." It turns out that security specialist Ibrahim Balic (İbrahim Baliç) was looking for vulnerabilities in Apple sites. He found 13 vulnerabilities and reported them to Apple via bugreport.apple.com . In the description of one of the vulnerabilities that allowed access to the personal information of developers, Ibrahim cited the personal data of 73 Apple employees. As he writes: “solely to show the hacking process and help Apple fix the vulnerability.”
')
Some time later, a video appeared from which it was clear that he had gained access to more than 100,000 entries and it is even possible to see how the process of obtaining these developers went and what data he had access to. And all this is “just to check how deep I can get”
PS If you have an account in the Apple Developer Center - do not forget to change the password as soon as possible .
Source: https://habr.com/ru/post/187408/
All Articles