
This morning, Apple updated its Apple Web Server notifications page to credit security researcher Ibrahim Balic and several others for pointing out security flaws in their web servers.

Balic claimed to be responsible for taking down the Developer Center after demonstrating how security flaws in the website allowed him to gather full names and Apple IDs. After Apple did not respond promptly to his bug reports, he posted the details to YouTube and discussed them on Twitter. The video has since been taken down.

During the Developer Center’s one-week outage (other services took even longer to be restored), Balic was contacted by Apple and its security team to gather more details. During initial contact with 9to5Mac back in July, he was insistent that he is not a “hacker” and was not going to use the data for any malicious purposes. Apple, it appears, did appreciate his findings and is now crediting him on its website:

2013-07-22 iadworkbench.apple.com

An information disclosure issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT – http://www.balicbilisim.com) for reporting this issue.

This listing, however, does not confirm that he was solely responsible for Apple’s take-down of the Developer Center, but Balic has told me that his “other reported bugs are waiting to be listed” on the page.

On August 10th, all services were restored in the Developer Center and members received a one-month extension as a result of the downtime. The front-facing site itself did not change, but Apple spent the time rebuilding the database and updating software.


One Response to “Security researcher Ibrahim Balic credited by Apple for reporting Developer Center issue”

  1. I can’t help but think that had this occurred under Jobs’ watch that this guy wouldn’t get a lick of credit and likely barred from anything Apple has under their control for life. I think it’s great he’s getting credit…just noting what I see as yet another change in Apple now from Apple in the past.