Ibrahim Balic says that he has been reporting bugs in the portal for some time and that Apple has been ignoring them. The claim is very plausible: Apple has been accused of ignoring reported bugs in the past, and even kicked a leading Apple security researcher out of the developer network for proving that a bug existed in the way iTunes delivers apps to end users. This was former NSA employee Charlie Miller. Miller is famous in the security sector for the numerous bugs and exploits he has found in Apple hardware. Miller is also one of the few security researchers to state that Apple products are not more secure than Windows products (he said they are about the same). This contradicts what Apple continues to push to consumers, and might also have helped lead to Miller’s removal from the Apple Developer Program.
Getting back to Balic, it seems he is following in Miller’s footsteps. Balic chose to focus on a very vulnerable part of Apple’s network. By trying to grab developer credentials (and there is evidence that he did get some IDs), Balic could have uploaded malicious code to the system (and then to iTunes) in the same manner that Charlie Miller did. The fact that Balic was able to identify and exploit a total of 13 bugs that Apple chose to ignore does not bode well for consumer confidence in Apple products. Apple briefly closed down their App Store on Sunday, which shows they are concerned about how far the attack might have gotten, but did not disclose any information about this other than to claim that iTunes is separate and safe. We are not sure this is going to be good enough to keep an increasingly paranoid market happy with Apple. It would probably be better if Apple came clean about what (if any) other services are vulnerable to this and what (if anything) Apple is going to do about it. Sadly, given Apple’s track record, this is not likely to happen unless actual user data is compromised, and then they pretty much have no choice.