Apple Dev Center Hacked, May Delay iOS & OS X Beta Updates
Apple has thus far kept a consistent pace for its developer previews of OS X Mavericks and iOS 7. Since their first releases in the wake of WWDC last month, Apple has released new betas to registered developers every two weeks through the company’s developer center website. In keeping with the schedule thus far, today should see another round of releases. But it’s not likely to happen.
Last week, developers noticed that Apple’s developer center was down. It’s not uncommon for any company’s website to go down from time to time for maintenance and other issues, but when the downtime reached its third day on Saturday, many began to speculate that something more serious than simple maintenance was the cause.
Sure enough, Apple this weekend released a statement to developers via email, claiming that the website had been hacked:
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
It was later revealed that an independent security researcher, Ibrahim Balic, claimed credit for the security breach, but stated that he was only testing and demonstrating flaws in Apple’s security. He claims to have sent Apple detailed reports of each breach and states that developers’ personal information is safe. In other words, according to Balic, he simply exploited a security hole in Apple’s system, repeatedly informed Apple of his actions (without a response from the company), and Apple overreacted by classifying the situation as far worse than it actually was. Balic’s claims, of course, are thus far unverified.
Apple now states that it is taking steps to patch the holes exploited during the breach, and that it is rebuilding the site and its database, but has not made any public response to Balic’s claims. The developer site remains down with no indication of when users might expect it to return.
As mentioned earlier, updates to the betas for iOS 7 and OS X Mavericks were expected for today. While Apple has the capability to distribute updates directly to each user (via over-the-air updates on iOS and Software Update on OS X), it is unclear if the company will choose that route without access to the developer site.
Update: It looks like Apple has chosen to release beta updates without restoration of the developer website. OS X Mavericks Developer Preview 4 was just seeded to developers via the Mac App Store’s Software Update.
So developers, and the countless Apple fans who depend on their reports, will have to wait a bit longer for the latest updates to Apple’s new operating systems. As for the developers themselves, despite Mr. Balic’s claims that the information he obtained is secure, it might still be a good idea to change your passwords and hope that Apple gets everything sorted out soon.