Apple's Developer Site is Under Phishing Attacks



With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
The hacker group claims to have found three separate security flaws in Apple's developer website - arbitrary URL redirects, cross-site scripting, and HTTP response splitting. Especially the arbritry URL redirects are problematic, since it would make it quite easy to lead a phishing attack to obtain login credentials from Apple's third party developers. Developers use Apple IDs to login, so this would give malicious folk access to developers' iTunes accounts.
YGN Ethical Hacker Group isn't a new group - they've already identified similar security issues at other websites. Java.com, for instance, suffered from similar URL redirect issues, but Oracle fixed it within a week, and thanked the hacker group. They also found issues with McAfee's website, but McAfee refused to fix anything until the hacker group went for full disclosure.
Apple has been given the same two months to fix their issues, but Apple has so far refused to do so. The issues were reported to Cupertino April 25, and Apple confirmed they had received the information two days later. We're two months down the line now, and nothing has been fixed, according to the hacker group. As such, they will now take the same steps they took with McAfee

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories:

0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...