Sunday 4 August 2013

Apple Afraid of Penetration Tester

A few days ago, the tech giant had to shut down its Mac, iPhone, and iPad developer site to carry out extensive unscheduled maintenance. At first, Apple didn’t reveal the reason, but later the company admitted that its security experts had detected an intruder who might have stolen users’ data.

Although sensitive data was encrypted and not accessed, Apple claimed that some developers’ names, mailing addresses, and email addresses might have been accessed. But it later turned out that the evil intruder was Ibrahim Balic, a London-based penetration tester. Organizations regularly hire Balic to find flaws in their systems, and Ibrahim recently decided to take a look at Apple’s websites. As a result, he discovered 13 bugs there and reported all of them through the online bug reporter. After a bug report the portal was taken offline.


However, the company did as it usually does with security concerns and didn’t even bother to reply to the tester. Instead, the tech giant assumed it was under a massive attack. In the meantime, Balic made a YouTube video to demonstrate how he managed to access developer data, but he took the video down after noticing that he hadn’t obscured the details of the individual developers. Some of you might think that Apple would be a bit more sensitive to the security of its developers and thank people who find the bugs.

Earlier in 2013, one iOS developer forum was compromised and infected employees from Twitter, Facebook, and other tech giants with malware. Intruders with stolen Apple developer accounts would also be able to upload malicious apps under the developer's name. The drawback of the company’s security policy is that it took its developer website offline while developers were preparing apps for iOS 7, planned for release later in 2013.
