Apple Developer Center Outage Fixed 'Remote Code Execution' Flaw

Apple has released new details (via @cabel) on the security flaw that caused the Developer Center to be down for more than a week, noting via its Apple Web Server notifications page that a "remote code execution issue" was fixed.

On the site, Apple credits 7dscan.com and SCANV of www.knownsec.com for reporting the bug on July 18, which is the same day the Developer Center was taken offline. During the downtime, Apple reported that the Developer Center website had been hacked, with an intruder attempting "to secure personal information" from registered developers. The company noted that while sensitive information was encrypted, some developer names, mailing addresses, and/or email addresses may have been acquired.

The eight-day outage required a complete overhaul of Apple's developer systems and a restoration plan that slowly brought services back online.

While security researcher Ibrahim Balic speculated that he might have been behind the security breach, it is now clear that the issue he reported was unrelated to the major flaw that caused the downtime. Apple credits Ibrahim with reporting a separate iAd Workbench vulnerability on July 22. The vulnerability allowed Balic to obtain both names and Apple IDs of users.

On August 10, Apple reported that all of its developer services were back online, a full 23 days after the outage first occurred. As a result of the downtime, Apple gave all developers a one-month extension on their developer memberships.


Top Rated Comments

bbeagle
148 months ago
Glad its finally all resolved. I'm sure someone is trying to find the next venerability.
ven·er·a·ble (vnr--bl)
adj.
1. Commanding respect by virtue of age, dignity, character, or position.
2. Worthy of reverence, especially by religious or historical association: venerable relics.
3. Venerable Abbr. Ven. or V.
a. Roman Catholic Church Used as a form of address for a person who has reached the first stage of canonization.
b. Used as a form of address for an archdeacon in the Anglican Church or the Episcopal Church.

vener·a·ble·ness, vener·a·bili·ty n.
vener·a·bly adv.
Score: 3 Votes
macsrcool1234
148 months ago
And you know this.... how exactly?



Key word, reported, but not confirmed. So, until that time I'll assume it is also a bug in OS X Server that needs addressing. However, I'll give the benefit of doubt and also throw in that it might be the software running on top of OS X.


Because he knows what he's talking about, unlike you. OSX Server is not designed for that kind of use and would crumble under the load.
Score: 2 Votes
mdnz
148 months ago
And you know this.... how exactly?



Key word, reported, but not confirmed. So, until that time I'll assume it is also a bug in OS X Server that needs addressing. However, I'll give the benefit of doubt and also throw in that it might be the software running on top of OS X.
OS X server has tons of memory overhead (like the GUI) and is not as scalable as some other solutions. Servers at enterprise level need to be as optimised for one job (granted, depends on the server) as much as possible to reduce overhead and costs.

Bottom line: If you need to host a website which has millions of viewers a day, it's just not efficient nor cost-friendly to do it purely on OS X. Also one thing to add is if you look at their job applications for System administrator it's mostly for Solaris/Linux.
Score: 2 Votes
jav6454
148 months ago
If they used OS X, I hope they released a patch for the system.
Score: 2 Votes
Terrin
148 months ago
Think of readers whose first language isn't English. When you use unusual words with spelling that is not found in any dictionary, they can have a hard time finding out what you mean. Ibrahim Balic is quite possibly one of them.

Now whatever was said about him, he deserved it. He took actions that he shouldn't have taken and openly boasted about it. If you want to appear as the tough guy who brought Apple's developer site down, then you deserve anything that comes as a reaction.

I am confused. He did what all security researchers do. Namely try to find bugs. He then quietly reported the bugs to Apple. The site then went down the same day. The guy freaked thinking he was the cause. To try and cover himself he posted a video outlining what happened. He was clearly worried about Apple coming after him. Turns out Apple credited him with discovering another unrelated bug. The guy acted properly and never boasted.
Score: 1 Votes
rdlink
148 months ago
Cue the, "Apple owes us more free time." rants.
Score: 1 Votes