According to a recent report, a group of hackers have discovered a significant vulnerability within Apple’s Dev Center that leaves the site open to phishing scams. Unless Apple moves quickly, their developers could be at risk.
Phishing attacks are tricks used by hackers to collect your private information. Often, this is done by directing you to a fake-but-convincing website hosted by the hacker that, due to its similarity to the real website, often succeeds in getting users to give up usernames and passwords (or other information).
The YGN Ethical Hacker Group has discovered a critical vulnerability within the site that could allow a hacker to easily redirect visitors to the Dev Center to a malicious website of their own. They have informed Apple about the problem, and have received an acknowledgement of receipt from Apple, who is reportedly taking the matter very seriously.
If this vulnerability isn’t resolved over the next few days, the group has stated that they will publicly release information regarding three specific issues with Apple’s Dev Center via the “Full Disclosure security mailing list,” which they hope will persuade Apple to get to work quickly on a fix.
Apple has not fixed the problem yet, but I am confident that they will fix it very soon – it’s not like Apple to be lax on security. Here’s to hoping that Apple’s on their “A game” with this one.
