Apple dev site hack linked to remote code vulnerability

Last month's Apple developer site shutdown has been tied to a vulnerability that was successfully spotted by researchers.

The security issue that made Apple shut down its developer site for more than a week, and left other remaining services offline for longer, has been linked to what the company says was a "remote code execution issue."

On Tuesday, Apple updated its Web Server Notifications, a public document listing credit for people who have tipped the company off to security issues on its Web servers. Under a heading for July 18, which was the same day Apple's developer services went dark, Apple notes that it addressed a remote code issue that was spotted by two security vendors.

The entry is the most recent for the developer site, short of an issue published in early June.

A remote code execution represents a considerable security threat, letting attackers do things like download and run files through instructions sent through the Web.

Of note, the same document -- which was spotted earlier Tuesday by 9to5Mac -- breaks out a separate finding by Ibrahim Balic. That's the security researcher who initially took credit for alerting Apple to a security issue that let him grab personal information. This was just before the developer site and connected services were shut down. Apple notes that the vulnerability Balic had brought up was fixed on July 22, and pertained only to its iAds management tool.

Apple took down its developer site and more than a dozen connected services last month following the discovery of a security intrusion that may have resulted in unauthorized access to some developer information. The company has still not detailed the full scope of that intrusion, nor has it said who is responsible.

Apple declined to comment on the document listing, and noted that it's still investigating the intrusion.

About the author

Josh Lowensohn joined CNET in 2006 and now covers Apple. Before that, Josh wrote about everything from new Web start-ups, to remote-controlled robots that watch your house. Prior to joining CNET, Josh covered breaking video game news, as well as reviewing game software. His current console favorite is the Xbox 360.

 

ARTICLE DISCUSSION

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Hot on CNET

CNET's giving away a 3D printer

Enter for a chance to win* the Makerbot Replicator 3D Printer and all the supplies you need to get started.