Apple Never Contacted Hacked Site That Compromised Employee Macs About Attack

Following yesterday’s surprise announcement that multiple employee computers within Cupertino had been compromised by a malicious zero-day Java exploit that was uploaded to an iOS developer forum, the owner of the attacked site has spoken out, claiming that not only did he have no idea he had been hacked… Apple never even contacted him to tell him.

The iOS developer forum in question is called iPhone Dev SDK, and the owner, Ian Sefferman, spoke to The Next Web about what happened.

“What we’ve learned is that it appears a single administrator account was compromised,” says Sefferman. “The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain users’ computers.”

Even after Apple knew about where the attack had come from, though, they never bothered to contact the admins behind iPhone Dev SDK to tell them they were putting thousands of iOS developers at risk. Again, from The Next Web’s article:

“We were alerted through the press, via an AllThingsD article, which cited Facebook,” says Sefferman. “Prior to this article, we had no knowledge of this breach and hadn’t been contacted by Facebook, any other company, or any law enforcement about the potential breach.”

It seems unconscionable that Apple wouldn’t contact the site administrators. iPhone Dev SDK is a portal and resource for the very developers who have made iOS great. To not warn the site administrators is to allow the developers who use the site to become compromised.

For more information, check out the link below. Apple’s actions here are a strange oversight at best, a terrible lapse in judgment at worst.

  • technochick

    Didn’t know it was Apple’s job to monitor site security for other companies.

    Or that they didn’t try and could reach anyone other than to go to the site and risk more exposure to this malware etc

    Although if you look at the comments from Apple they don’t seem to know the source so it’s possible they found out from the various articles that yes this site was apparently the source.

About the author

John Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his wife and two parakeets. You can follow him here on Twitter.
