When Apple’s Developer Center was hacked and went down last month, a Turkish security researcher by the name of Ibrahim Balic took credit for the scare. Balic claimed that he was able to get ahold of Apple ID logins, and Apple spent over a week rebuilding the Dev Center to fix whatever was specifically causing the security compromise. Since Apple never confirmed or denied that Balic was the culprit, his actual involvement in the incident hasn’t been clarified — until now.
Apple has listed some of the security flaws that have been reported to the company recently, and it looks like Balic was likely not responsible for the Dev Center outage after all.
On Apple’s Web Server notifications page, the list of reported security issues from the day the Dev Center went down includes not only Balic but a couple of others. 7dscan.com and SCANV are credited with reporting two “remote code execution” issues, while Balic is credited with “an information disclosure issue” in iAd Workbench, a tool that lets devs create ad campaigns to promote iOS apps.
When Balic originally went public, he demonstrated the iAd hack, so there’s no question now that he was behind that. But was that the only reason Apple had to completely rebuild the Dev Center? Probably not. “Remote code execution” is a much scarier threat when you’re trying to manage a secure database with sensitive info. Apple has previously said that “an intruder attempted to secure personal information of our registered developers from our developer website.”
Since Balic’s bug was related to iAd Workbench and not the Dev Center, it’s unlikely that he was behind the outage. “The issue that Balic reported had nothing to do with why Apple took down the developer center,” agrees TechCrunch. “That was a completely separate vulnerability.”
Balic told 9to5Mac that his “other reported bugs are waiting to be listed” by Apple, but we have yet to see those. His involvement has been questioned before, and until Apple says otherwise, it looks like there are more pieces to the puzzle than just Balic. Unfortunately, we’ll probably never know exactly why the Dev Center went down.