DecryptedTech

Wednesday05 October 2022

Turkish Security Researcher Says Apple Breach Came After Apple Ignored Multiple Bug Reports


Reading time is around minutes.
steve-jobs-think-what-we-say

Yesterday we reported on a breach in Apple’s developer portal. This breach appears to have happened over the course of about three days and resulted in Apple pulling the entire system offline for redesign. At the time of the article (which can be found here) no one had claimed responsibility Apple had not pointed the finger at anyone. Now it seems that a Turkish security researcher is claiming responsibility for the hack, but is saying that he was only looking for bugs in the system to show Apple that the portal was leaking user data.

 

Ibrahim Balic says that he has been reporting bugs about the portal for some time and Apple has been ignoring them. The claim is very plausible as Apple has been accused of ignoring found bugs in the past and even kicked a leading Apple security researcher from the developer network for proving that a bug existed in the way iTunes delivers Apps to end users. This was former NSA employee Charlie Miller. Miller is famous in the security section for the numerous bugs and exploits he has found with Apple hardware. Miller is also one of the few security researchers to state that Apple products are not more secure than Window products (he said they are about the same). This is a contradiction to what Apple continues to push to the consumer though and might have also helped lead to Miller’s removal from the Apple Developer Program.

Getting back to Balic it seems he is continuing in Miller’s footsteps. Balic chose to focus on a very vulnerable part of Apple’s network. By trying to grab developer credentials (and there is evidence that he did get some IDs) Balic could have uploaded malicious code to the system (and then to iTunes) in the same manner that Charlie Miller did. The fact that Balic was able to identify and exploit a total of 13 bugs that Apple chose to ignore does not bode well for consumer confidence in Apple products. Apple briefly close down their App Store on Sunday which shows they are concerned about how far the attack might have gotten, but did not disclose any information about this other than to claim iTunes is spate and safe. We are not sure if this is going to be good enough to keep an increasingly paranoid market happy with Apple. It would probably be better if Apple comes clean about what (if any) other services are vulnerable to this and what (if anything) is Apple going to do about it? Sadly given Apple’s track record this is not likely to happen unless actual user data is compromised and then, they pretty much have no choice.

Tell us what you think about this in our Forum

 

Last modified on Monday, 22 July 2013 10:09

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.