Apple recently updated their Web Server notifications page with several new acknowledgements to people who discovered and reported security vulnerabilities in Apple's servers. Among the discoveries acknowledged seems to be the vulnerability that was responsible for Apple's Developer Portal's eight-day outage. The notifications page shows a remote code execution vulnerability being reported on July 18th, the same day that Apple took the developer site down.
In the days following the outage, Apple posted a message explaining that the portal had been taken down in response to a security threat. Apple further explained that to prevent any similar security threats from occurring that they would be overhauling the entire system, which is what ultimately caused the prolonged outage. This prompted security researcher Ibrahim Balic to come forward publicly, believing that he was the one responsible for the outage. However, with Apple now giving credit to 7dscan.com and SCANV of www.knownsec.com for the discovery of a remote code execution vulnerability on developer.apple.com, it's much more likely that this was the cause of the developer portal downtime.
The information disclosure bug reported by Balic allowed him to retrieve a users's username, real name and email address by providing a single piece of user information. While this is certainly a bug and raised a concern about privacy, a remote code execution vulnerability poses a much greater threat. We don't know the details of the vulnerability, but its classification would suggest that a remote attacker may have had the ability to execute arbitrary code on Apple's servers. In more severe cases, this type of vulnerability can lead to an attacker completely taking over a machine remotely. Given the relative severity of the vulnerabilities, and the timelines being reported by Apple, all signs point to the remote code execution vulnerability being the culprit.
Source: 9to5Mac
We may earn a commission for purchases using our links. Learn more.
Apple gives 'Prehistoric Planet' a big apple.com promo on premiere day
Apple is making sure everyone knows about the new Apple TV+ series 'Prehistoric Planet' by slapping a massive animated promo on its apple.com homepage.
Phenomenal iOS 16 concept has all of the features you've been dreaming of
With Apple keeping its iOS 16 plans close to its chest, we already know that we'll be very happy indeed if it turns out to be anything like this new concept.
Review: SANDMARC's Macro Lens easily beats the native iPhone macro mode
While the iPhone 13 Pro is capable of Macro mode photography, it is far from perfect. With SANDMARC's 25mm Macro Lens, you can get even better macro photos with your iPhone 13 Pro, or even with older iPhones.
Keep an eye on the front door with the best HomeKit video doorbells
HomeKit video doorbells are a great way to keep an eye on those precious packages at your front door. While there are just a few from which to choose, these are the best HomeKit options available.