A recent posting on Apple’s Web Server notifications page issues credit to Ibrahim Bialic, 7Dscan.com and SCANV of Knownsec.com for the discovery of two web security issues. Bialic, you may recall, discovered a vulnerability that he later publicly claimed was responsible for the weeks-long outage of Apple’s Developer Center.
The posting was discovered by 9to5Mac.com, which claimed that Apple was crediting Bialic with reporting the issue that took down the Dev Center.
However, my sources confirm that Bialic’s report is not responsible for the outage. The issue that Bialic reported had nothing to do with why Apple took down the developer center. That was a completely separate vulnerability. Indeed, the entry related to Bialic is annotated with the iAd Workbench portal address, not the Developer Center address.
The vulnerability reported directly below Bialic’s entry was credited to 7dscan.com and SCANV and is annotated with Apple’s Developer Center address. It seems far more likely that these two researchers are the ones who discovered the remote code execution vulnerability in the Developer Center which caused the outage. For researchers who are in this game, the credit from a company is the reward, so they most likely reported it to Apple. Once it had been confirmed, Apple was worried enough to take the Dev Center down to fix the problem.
The fact that Bialic was not responsible for the aggressive response and rebuilding of the Developer Center by Apple was previously posited by John Paczkowski at All Things D. Our own Chris Velazco also spoke at length to Bialic about his breach of the iAd portal. He also expressed skepticism that Bialic’s report was the cause of the Developer Center outage. It turns out that this was the correct deduction.
Bialic maintained that he was simply performing research (for which he has been thanked by other companies) and retained no user information. He went public with the security issues related to the Dev Center in a YouTube video after he says he got no response from Apple.
When contacted to inquire about the actual cause of the Developer Center outage, Apple declined to comment.
Image Credit: Flickr/Martin Abegglen