Wednesday, May 18, 2016

Apple fixes remote execution flaw that brought Dev Center down




While independent security researcher Ibrahim Balic claimed responsibility for taking down Apple’s Dev Center, in reality his discovery of an iAd Workbench vulnerability had nothing to do with the Dev Center outage. Apple this morning credited Balic for reporting the iAd Workbench bug that did allow him to obtain full names and IDs of Apple’s registered iOS and Mac developers.

While it’s a bit murky whether or not Balic was solely responsible for the system-wide Dev Center shutdown, Apple today wrote on its Web Server notifications page that it fixed a “remote execution issue” that allegedly caused the downtime…

The Web Server page credits 7dscan.com and SCANV of www.knownsec.com for reporting the bug. “A remote execution issue was addressed,” the page reads. “We would like to acknowledge 7dscan.com, and SCANV of www.knownsec.com for reporting this issue”.

As noted by MacRumors, 7dscan.com and SCANV filed the bug with Apple on July 18, which is the same day the Developer Center was taken offline.

Balic told TechCrunch he filed his own bug report concerning the iAd Workbench vulnerability on July 18, too, just hours before the Dev Center went down. However, the Web Server page credits Balic with reporting the bug on July 22, suggesting the iAd issue he reported was unrelated to the major flaw that caused the Dev Center downtime.

If all this sounds confusing, you’re not the only one – I’m still puzzled as to whether or not Balic had anything to do with July 18’s Dev Center issue or if the remote execution flaw should be blamed.
