Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 19, 2013, 06:05 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Employees Hacked By Visiting iPhoneDevSDK




As reported by The New York Times, the software development website responsible for seeding malicious software to Mac computers at Apple, Facebook, and presumably Twitter has been revealed by a person who was involved with the investigation at Facebook.

The compromised site, iPhoneDevSDK, is an online forum designed for software developers. The site is still infected, and visiting it is not recommended.

At this time, it is unknown if the site had any involvement in the attacks, though it is likely that it was the work of third party hackers given the site's prominent standing as a dedicated community for iPhone developers.

Apple this morning announced that a small number of its employees' computers had been compromised through the Java plug-in vulnerability, an issue that has now been fixed with the Java update and malware removal tool released by Apple this afternoon.

Mac users can determine whether or not they have been affected by the security flaw by installing the Java update, which will notify a user if malware is found. Apple says that the Java update and malware removal tool will "remove the most common variants of malware."

As noted by The Next Web, iPhoneDevSDK is currently in maintenance mode.

Article Link: Apple Employees Hacked By Visiting iPhoneDevSDK
MacRumors is offline   0 Reply With Quote
Old Feb 19, 2013, 06:07 PM   #2
gmanist1000
macrumors 68020
 
gmanist1000's Avatar
 
Join Date: Sep 2009
Hacked this hacked that... this is turning out well for cyber-security enthusiasts.
gmanist1000 is offline   0 Reply With Quote
Old Feb 19, 2013, 06:08 PM   #3
maxosx
macrumors 68020
 
Join Date: Dec 2012
Location: Southern California
The amount of breaches no matter the platform is truly getting out of control. It's time for increased focus by all in the tech sector to improve security.
maxosx is offline   2 Reply With Quote
Old Feb 19, 2013, 06:09 PM   #4
komodrone
Banned
 
Join Date: Apr 2011
site is still infected? I remember back in 2010 when Google warned me the site is infected.
komodrone is offline   1 Reply With Quote
Old Feb 19, 2013, 06:10 PM   #5
HiRez
macrumors 601
 
HiRez's Avatar
 
Join Date: Jan 2004
Location: Western US
I have an account at that site, I hope I haven't been hacked. That's scary. I installed the update and didn't get a notification, hopefully it's OK. Does that apply to Java 10.6 running on Lion 10.7 also?
__________________
Go outside, the graphics are amazing!
HiRez is offline   0 Reply With Quote
Old Feb 19, 2013, 06:13 PM   #6
Peace
macrumors P6
 
Peace's Avatar
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Folks are gonna get ticked at me but man. Had developers used the dev discussion instead of this place there probably wouldn't be this problem.

Is that site a place for jailbreakers ?
Peace is offline   1 Reply With Quote
Old Feb 19, 2013, 06:15 PM   #7
Kashsystems
macrumors 6502
 
Join Date: Jul 2012
Quote:
Originally Posted by Peace View Post
Folks are gonna get ticked at me but man. Had developers used the dev discussion instead of this place there probably wouldn't be this problem.

Is that site a place for jailbreakers ?
No it is a site where ios developer discuss code, questions about business, and look for developers to work with.
Kashsystems is offline   8 Reply With Quote
Old Feb 19, 2013, 06:16 PM   #8
technowar
macrumors 6502
 
Join Date: Apr 2011
Location: Cebu, Philippines
The site's on maintenance mode.
__________________
Trigger Happy
technowar is offline   0 Reply With Quote
Old Feb 19, 2013, 06:16 PM   #9
ratfink
macrumors member
 
Join Date: Feb 2012
Several times over the last few years I remember searching for a development issue and seeing this site near the top but with a malware warning. It would seemingly fluctuate day-to-day or even hour-to-hour.
ratfink is offline   1 Reply With Quote
Old Feb 20, 2013, 10:46 AM   #10
alms
macrumors member
 
Join Date: Oct 2003
Location: Boston
Quote:
Originally Posted by Peace View Post
Folks are gonna get ticked at me but man. Had developers used the dev discussion instead of this place there probably wouldn't be this problem.

Is that site a place for jailbreakers ?
It is not a place for jail breakers, but it is a place where you can talk freely about iOS code, the app store, analytics, and Apple without having to worry about the thread being shut down by Apple.

The format is also much easier to use: normal threaded forums rather than Apple's bizarre chaotic ocean of discussion.
alms is offline   0 Reply With Quote
Old Feb 19, 2013, 07:05 PM   #11
ArtOfWarfare
macrumors 603
 
ArtOfWarfare's Avatar
 
Join Date: Nov 2007
Send a message via Skype™ to ArtOfWarfare
Quote:
Originally Posted by komodrone View Post
site is still infected? I remember back in 2010 when Google warned me the site is infected.
Google has warned me about it every few months.
ArtOfWarfare is offline   0 Reply With Quote
Old Feb 20, 2013, 05:43 AM   #12
whooleytoo
macrumors 603
 
whooleytoo's Avatar
 
Join Date: Aug 2002
Location: Cork, Ireland.
Send a message via AIM to whooleytoo
Quote:
Originally Posted by maxosx View Post
The amount of breaches no matter the platform is truly getting out of control. It's time for increased focus by all in the tech sector to improve security.
The problem is complexity. As complexity grows, the difficulty in securing a system grows. Then you have to factor every app/plugin/extension you install could introduce a security flaw, or even an individual version of an app could introduce a flaw and you can't possibly test every single one.

Fixing security is a colossal task.

----------

Quote:
Originally Posted by SockRolid View Post
Oops. I've visited that site more than once in the past year or so.
So I launched Utilities -> Java Preferences, and saw an alert saying "To open Java Preferences, you need a Java Runtime. Would you like to install one now?"

Um, no. Done. With. Java.
Safari has had 'drive by' vulnerabilities too which have been fixed; do you still occasionally use Safari?

My point is - people are more willing to forgive security vulnerabilities in software they use/like than in software they don't. People who have forgotten about Safari's flaws will slam Java, not because it's insecure but because they didn't use/like it in the first place.
__________________
Mac <- Macintosh <- McIntosh apples <- John McIntosh <- McIntosh surname <- "Mac an toshach" <- "Son of the Chief"
whooleytoo is offline   0 Reply With Quote
Old Feb 19, 2013, 06:26 PM   #13
nagromme
macrumors G5
 
nagromme's Avatar
 
Join Date: May 2002
Just visited the site and nothing happened to me.

Long live President Hu Jintao!
nagromme is offline   10 Reply With Quote
Old Feb 19, 2013, 06:30 PM   #14
samcraig
macrumors G5
 
Join Date: Jun 2009
Ohhhhhhh the ironyyyyyy
samcraig is offline   0 Reply With Quote
Old Feb 19, 2013, 06:32 PM   #15
sparkso
macrumors member
 
Join Date: Dec 2009
What were the impact of the hackings though? What did the hackers do to those employees computers?
sparkso is offline   0 Reply With Quote
Old Feb 19, 2013, 11:42 PM   #16
charlituna
macrumors G3
 
charlituna's Avatar
 
Join Date: Jun 2008
Location: Los Angeles, CA
Quote:
Originally Posted by sparkso View Post
What were the impact of the hackings though? What did the hackers do to those employees computers?
Little to nothing it seems. According to Apple no sensitive info got out. The machines could have been personal machines that happens to be owned by employees. Who knows. Other than it requires Java so its not really all that of a Mac hack and its already been fixed
charlituna is offline   0 Reply With Quote
Old Feb 20, 2013, 01:33 AM   #17
Amazing Iceman
macrumors 68030
 
Amazing Iceman's Avatar
 
Join Date: Nov 2008
Location: Florida, U.S.A.
Quote:
Originally Posted by charlituna View Post
Little to nothing it seems. According to Apple no sensitive info got out. The machines could have been personal machines that happens to be owned by employees. Who knows. Other than it requires Java so its not really all that of a Mac hack and its already been fixed
Yeah, but lately, the weak point has been either Java or Flash, being the first one the most common nowadays. It may be time to ditch JAVA, and get over with this nonsense. It has had too many security flaws, and nothing can assure us there are no more to be discovered.
__________________
17" MacBook Pro (2007) iPad Air WiFi+Cell 128 GB iPhone 5s 64 GB T-Mobile AppleTV 2
Follow @AmazingIceman for useful tech info and more (mention MacRumors).
Amazing Iceman is offline   1 Reply With Quote
Old Feb 19, 2013, 06:33 PM   #18
Tankmaze
macrumors 65816
 
Tankmaze's Avatar
 
Join Date: Mar 2012
Iphonedevsdk always had trouble in the past. From the malware warning, hacked site (down) and now this.

Maybe all the members can migrate here. The discussion on that site is gold.
__________________
Check out our game Tank Maze
Tankmaze is offline   0 Reply With Quote
Old Feb 19, 2013, 06:40 PM   #19
TouchMint.com
macrumors 65816
 
TouchMint.com's Avatar
 
Join Date: May 2012
Location: Phoenix
Quote:
Originally Posted by Tankmaze View Post
Iphonedevsdk always had trouble in the past. From the malware warning, hacked site (down) and now this.

Maybe all the members can migrate here. The discussion on that site is gold.
I visit this site daily its too bad this crap keeps happening. My work is going to be pissed if they have to wipe my machine again.

Last time it went down macrumors created a business sub forum but people dont use it much here maybe that will change now.

----------

On a side note its really suprising apple empolyees visit that site and we all thought they didnt care about devs...
__________________
TouchMint.com iOS App Site
Adventure To Fate iOS RPG Game Site
Indie iOS Game: Adventure To Fate : A Quest To The Core JRPG

TouchMint.com is offline   0 Reply With Quote
Old Feb 19, 2013, 06:52 PM   #20
Ryth
macrumors 65816
 
Join Date: Apr 2011
I will not have networked computers aboard this ship

- Adama


Words of wisdom folks.
Ryth is offline   3 Reply With Quote
Old Feb 19, 2013, 06:58 PM   #21
coolfactor
macrumors 68000
 
Join Date: Jul 2002
Location: Vancouver, BC CANADA
Quote:
Originally Posted by Tankmaze View Post
Iphonedevsdk always had trouble in the past. From the malware warning, hacked site (down) and now this.

Maybe all the members can migrate here. The discussion on that site is gold.
This is an example of the prevalence of cheap hosting and open web frameworks. Overconfidence by do-it-yourself website creators that think that they've got it good, but fail to take all of the proper measures to secure their sites.
coolfactor is offline   0 Reply With Quote
Old Feb 19, 2013, 07:23 PM   #22
Peace
macrumors P6
 
Peace's Avatar
 
Join Date: Apr 2005
Location: Space--The ONLY Frontier
Quote:
Originally Posted by coolfactor View Post
This is an example of the prevalence of cheap hosting and open web frameworks. Overconfidence by do-it-yourself website creators that think that they've got it good, but fail to take all of the proper measures to secure their sites.
It's also an example of Apple's need to reign in both employees and access to beta builds.
Peace is offline   0 Reply With Quote
Old Feb 20, 2013, 05:58 AM   #23
Reason077
macrumors 65816
 
Join Date: Aug 2007
Quote:
Originally Posted by coolfactor View Post
This is an example of the prevalence of cheap hosting and open web frameworks. Overconfidence by do-it-yourself website creators that think that they've got it good, but fail to take all of the proper measures to secure their sites.
Actually, iphonedevsdk.com is hosted by Vanilla forums, a "cloud" provider of community forums which ought to be pretty secure and well-maintained.

Apparantely the hackers somehow obtained an admin password to iphonedevsdk's account on Vanilla, and used that to add malicious code to the site.
Reason077 is offline   0 Reply With Quote
Old Feb 19, 2013, 07:28 PM   #24
Rudy69
macrumors 6502
 
Join Date: Mar 2009
Quote:
Originally Posted by Tankmaze View Post
Iphonedevsdk always had trouble in the past. From the malware warning, hacked site (down) and now this.

Maybe all the members can migrate here. The discussion on that site is gold.
I think what brings developers to the site is:
1. Community of mostly developers or people involved in selling apps
2. Away from the general public (mostly, the site is not private or anything but very few ventures there)
Rudy69 is offline   0 Reply With Quote
Old Feb 19, 2013, 07:47 PM   #25
Robert.Walter
macrumors 6502
 
Join Date: Jul 2012
I removed java from my Macs some time ago.

I checked for updates via the Mac App Store button, and the system said that no updates were available.

Question: Does this latest update require Java to be installed to run the associated anti-malware patch? And if Java is not installed, will the update fail to be required such that the patch will also not be run?

Question 2: Is it possible that I have enabled some setting that allowed the anti-malware patch to be run but without notification?

Thanks to the community for any answers.
Robert.Walter is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Commemorative Posters at Apple Campus List All Former and Current Apple Employees MacRumors MacRumors.com News Discussion 114 Dec 2, 2014 05:06 AM
Tim Cook to Apple Employees in New Video: 'At Apple, We Do the Right Thing' MacRumors MacRumors.com News Discussion 173 Jul 14, 2014 03:56 PM
Apple CEO Tim Cook Joins Twitter, First Tweet About Visiting Palo Alto Apple Retail Stores MacRumors MacRumors.com News Discussion 134 Sep 22, 2013 02:35 AM
iPhoneDevSDK Details What Led to Apple, Facebook Hacking MacRumors MacRumors.com News Discussion 37 Feb 22, 2013 12:57 AM
iPhoneDevSDK gone? KarlJay App Store Business, Legal and Marketıng 51 Jul 19, 2012 06:48 AM

Forum Jump

All times are GMT -5. The time now is 11:54 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC