Apple Never Contacted Hacked Site That Compromised Employee Macs About Attack



Following yesterday’s surprise announcement that multiple employee computers within Cupertino had been compromised by a malicious zero-day Java exploit that was uploaded to an iOS developer forum, the owner of the attacked site has spoken out, claiming that not only did he have no idea he had been hacked, but Apple never even contacted him to tell him.

The iOS developer forum in question is called iPhone Dev SDK, and the owner, Ian Sefferman, spoke to The Next Web about what happened.

“What we’ve learned is that it appears a single administrator account was compromised,” says Sefferman. “The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain users’ computers.”

Even after Apple knew where the attack had come from, though, they never bothered to contact the admins behind iPhone Dev SDK to tell them they were putting thousands of iOS developers at risk. Again, from The Next Web’s article:

“We were alerted through the press, via an AllThingsD article, which cited Facebook,” says Sefferman. “Prior to this article, we had no knowledge of this breach and hadn’t been contacted by Facebook, any other company, or any law enforcement about the potential breach.”

It seems unconscionable that Apple wouldn’t contact the site administrators. iPhone Dev SDK is a portal and resource for the very developers who have made iOS great. To not warn the site administrators is to allow the developers who use the site to become compromised.

For more information, check out the link below. Apple’s actions here are a strange oversight at best, a terrible lapse in judgment at worst.

Source: The Next Web

