Apple dev site hack linked to remote code vulnerability
Last month's Apple developer site shutdown has been tied to a vulnerability that was successfully spotted by researchers.
The security issue that made Apple shut down its developer site for more than a week, and left other services offline for longer, has been linked to what the company says was a "remote code execution issue."
On Tuesday, Apple updated its Web Server Notifications, a public document listing credit for people who have tipped the company off to security issues on its Web servers. Under a heading for July 18, which was the same day Apple's developer services went dark, Apple notes that it addressed a remote code issue that was spotted by two security vendors.
The entry is the most recent for the developer site, short of an issue published in early June.
A remote code execution vulnerability represents a considerable security threat, letting attackers do things like download and run files through instructions sent over the Web.
Of note, the same document -- which was spotted earlier Tuesday by 9to5Mac -- breaks out a separate finding by Ibrahim Balic. That's the security researcher who initially took credit for alerting Apple to a security issue that let him grab personal information. This was just before the developer site and connected services were shut down. Apple notes that the vulnerability Balic had brought up was fixed on July 22, and pertained only to its iAds management tool.
Apple took down its developer site and more than a dozen connected services last month following the discovery of a security intrusion that may have resulted in unauthorized access to some developer information. The company has still not detailed the full scope of that intrusion, nor has it said who is responsible.
Apple declined to comment on the document listing, and noted that it's still investigating the intrusion.