Researcher uncovers Apple security flaws
Apple announces ‘rebuilding and strengthening’ of security
After going offline last Thursday, Apple has made its development portal available again this week as it continues to investigate security issues highlighted by a Turkish researcher.
Ibrahim Balic posted a video in which he demonstrates how Apple’s security measures are not enough to prevent him from accessing several user names and IDs.
On Sunday night, Apple emailed users to warn them of “an intruder”, but Mr Balic insists his intentions were simply to highlight the problems rather than benefit from them. He claims to have found 13 areas of concern and drawn each of them to Apple’s attention, with the company quickly announcing they would be “completely overhauling” their systems to prevent future attacks.
Apple insisted that important customer information was encrypted and therefore could not be compromised, but conceded that names, email addresses and home addresses may have been vulnerable during the breach.
Concerns were raised by users after they received unexpected password reset requests, which it is thought could have led to their accounts being compromised and left the door open for malicious content to be released into the App Store.
High-profile hacks a worry for users
Apple has been swift to address this security breach, thought to be the first of its kind for any of its web services. However, it has largely declined to comment on the reasons for the downtime users experienced on the developer site, as well as a brief period on Sunday when the App Store was unavailable.
This has caused plenty of speculation, but after recent high-profile security breaches such as the situation at Sony, where 77 million accounts were compromised, Apple’s caution is unsurprising.
Adrian Mursec, senior developer at theEword, said: “Users will always be concerned about privacy issues, particularly when a site goes down for as long as this with so little information. However, it is reassuring that Apple is taking steps to protect user data, especially in light of recent cases involving other companies.”