
Apple’s Developer Center may be down due to a security breach

Update #2: The Apple Developer Center is back up after downtime.

Update: Downtime may be due to a recently discovered vulnerability. See after the jump for details.

Apple’s developer center has been unavailable over the past few hours without explanation. It’s not uncommon to see the site go down for a few hours near announcement events, but today’s reason might be more ominous. Multiple developers across Twitter are postulating that the downtime may be due to a hack.

A few developers have noticed that their developer profile addresses are now showing an address in Russia instead of their own. This has led some to speculate that maintenance related to a hack is behind the developer center’s downtime.

While developers may not need to access the site every moment of the day, it can cause development downtime. When compiling code using Apple’s development software Xcode, sometimes the application needs to phone home for code-signing requirements. This means that many devs can be left out in the cold while awaiting Apple’s maintenance.

Apple currently lists seven different types of maintenance on the developer System Status page.

Back in 2014, developer Jesse Järvi discovered that an exploit in Apple’s Developer Center allowed for personal contact information discovery. Järvi was able to pull personal information from various 9to5Mac employees and Apple executives. Apple quickly patched the problem once it was brought to their attention.

Update: A few years ago, Apple’s Developer Center suffered a four-day outage necessitated by a complete overhaul of its internal systems. At that time, the outage was speculated to be caused by a vulnerability in Apache Struts 2.

A 9to5Mac reader pointed out that today’s downtime may be the result of another, similar vulnerability, CVE-2017-9805. Discovered by researchers at lgtm.com, the flaw exposes Apache Struts to remote code execution. According to lgtm.com, “This particular vulnerability allows a remote attacker to execute arbitrary code on any server running an application built using the Struts framework and the popular REST communication plugin”.

A patch for the vulnerability was released today, and Apple may be slowly working through applying it to its servers. It is also possible that the servers were exploited using this vulnerability and that Apple is now in the mitigation stages.

