Apple Developer Warned About Security Vulnerability in iAd Workbench Months Before Dev Center Downtime

Introduction

Last Thursday, Apple’s developer site went dark unexpectedly, and it remained that way straight through the weekend. The company revealed yesterday that it was due to an "intruder" attempting to access personal information related to Apple’s registered developers. While Apple continues to work on revamping the Dev Center’s security and bringing the whole thing back online, a 25-year-old Turkish security researcher named Ibrahim Balic thinks that it may have been because of him.

The Security Expert Speaks Out

Balic swears up and down that he’s not a malicious hacker. Rather, he claims to be just a security buff who stumbled upon a way to access gobs of Apple user data, tried to warn the company about it, and made a (now private) video highlighting the security flaw in question when Apple wouldn’t respond.

The Bug Reports

Balic is an avid bug hunter (he’s reported them to Facebook among others) and has filed a grand total of 13 bug reports to Apple since he first took an interest in the company. One of these bug reports, #14488816, was specifically related to the iAd Workbench.

The Bug Report Details

In his original bug report, Balic included a few examples of user data that he was able to obtain through the iAd exploit. One of the email addresses he recovered belonged to our very own Josh Constine, who confirmed that it was in fact his Apple ID as well.

Balic’s Intentions

Throughout our conversation, Balic maintained that he was only ever trying to help Apple and plans to delete all the user data he’s collected so far. When asked why he downloaded all that user data rather than simply reporting the bug, Balic says he just wanted to see how "deep" he could go.

Possible Causes of the Site Going Dark

It is possible that Balic’s poking around caught Apple’s attention and prompted the company to take the developer site down. The iAd Workbench may fall under the same broad umbrella as the Dev Center, and the Add User functionality that once appeared in the iAd Workbench seems to have disappeared.

Conclusion

The incident has left many wondering about the security of Apple’s developer site. Balic’s actions have sparked a debate about whether his intentions were pure or if he was trying to expose the vulnerabilities of the site. Only people within Apple really know what’s going on, and they’re just not feeling very chatty at the moment.

Update

If you’d like to learn more about this story, be sure to check back in for updates as we continue to investigate.
