Apple Employees Hacked By Visiting iPhoneDevSDK

[MacRumors]

As reported by The New York Times, the software development website responsible for seeding malicious software to Mac computers at Apple, Facebook, and presumably Twitter has been revealed by a person who was involved with the investigation at Facebook.

The compromised site, iPhoneDevSDK, is an online forum designed for software developers. The site is still infected, and visiting it is not recommended.

At this time, it is unknown if the site had any involvement in the attacks, though it is likely that it was the work of third party hackers given the site's prominent standing as a dedicated community for iPhone developers.

Apple this morning announced that a small number of its employees' computers had been compromised through the Java plug-in vulnerability, an issue that has now been fixed with the Java update and malware removal tool released by Apple this afternoon.

Mac users can determine whether or not they have been affected by the security flaw by installing the Java update, which will notify a user if malware is found. Apple says that the Java update and malware removal tool will "remove the most common variants of malware."

As noted by The Next Web, iPhoneDevSDK is currently in maintenance mode.

Article Link: Apple Employees Hacked By Visiting iPhoneDevSDK

[gmanist1000]

Hacked this hacked that... this is turning out well for cyber-security enthusiasts.

[maxosx]

The amount of breaches no matter the platform is truly getting out of control. It's time for increased focus by all in the tech sector to improve security.

[komodrone]

site is still infected? I remember back in 2010 when Google warned me the site is infected.

[HiRez]

I have an account at that site, I hope I haven't been hacked. That's scary. I installed the update and didn't get a notification, hopefully it's OK. Does that apply to Java 10.6 running on Lion 10.7 also?

[Peace]

Folks are gonna get ticked at me but man. Had developers used the dev discussion instead of this place there probably wouldn't be this problem.

Is that site a place for jailbreakers ?

[Kashsystems]

Quote:

Originally Posted by Peace

Folks are gonna get ticked at me but man. Had developers used the dev discussion instead of this place there probably wouldn't be this problem.

Is that site a place for jailbreakers ?

No it is a site where ios developer discuss code, questions about business, and look for developers to work with.

[technowar]

The site's on maintenance mode.

[ratfink]

Several times over the last few years I remember searching for a development issue and seeing this site near the top but with a malware warning. It would seemingly fluctuate day-to-day or even hour-to-hour.

[Peace]

Quote:

Originally Posted by Kashsystems

No it is a site where ios developer discuss code, questions about business, and look for developers to work with.

In other words a 3rd. party place that serves the same function as the iPhone Dev discussions.

[fins831]

Call me crazy, but this along with the chinese 'supposed' hackings, all while the government is getting ready to make another cyber legislation push....this is all TOO PERFECT.

the timing of everything is so suspect. Maybe I am trying to read between the lines but if they want to take away our rights on the internet, the first thing they have to do is scare us enough to allow us to waive them, raise the white flag.

[arn]

Quote:

Originally Posted by Peace

In other words a 3rd. party place that serves the same function as the iPhone Dev discussions.

Sure but then this is a forum that serves the same functions as apple support forums

[Renzatic]

Quote:

Originally Posted by fins831

snip

If that's true, how is this any worse than all the other millions of hacks, keyloggers, virii, and malware exploits we've been facing down for the past 20 odd years?

[nagromme]

Just visited the site and nothing happened to me.

Long live President Hu Jintao!

[samcraig]

Ohhhhhhh the ironyyyyyy

[Fatalbert]

1. Apple, ban Java from your employees' computers that need to be secure.

2. I'd pay extra for an ISP that has severed all connections to China. Really, just ban them from the Internet. That country is downright nasty. I get connections all the time from it trying to get the admin password from my website, and I've been unsuccessfully brute force attacked over SSH once from China (after that, I changed my SSH port to something non-default). The only good thing about China having advanced tech is that Cables Unlimited can make its probably-illegal HDCP remover to free us from Intel's BS.

This looks really bad for Oracle and Apple, though it's mainly Oracle's fault. I think Apple should release a statement to shove the blame over, which would help with their quest to kill Java (not that I agree with their goals fully).

[sparkso]

What were the impact of the hackings though? What did the hackers do to those employees computers?

[Tankmaze]

Iphonedevsdk always had trouble in the past. From the malware warning, hacked site (down) and now this.

Maybe all the members can migrate here. The discussion on that site is gold.

[Peace]

Quote:

Originally Posted by arn

Sure but then this is a forum that serves the same functions as apple support forums

Oh. I agree. I was commenting on the state of relationships between Apple and developers.

It's sad that developers have to go to a 3rd party website for collaboration instead of Apple's official Dev portal.

[edit]

I might add this is going to cause some bad blood between Apple and the devs that go to the other website. Perhaps it will shake things up a bit.

[/edit]

[TouchMint.com]

Quote:

Originally Posted by Tankmaze

Iphonedevsdk always had trouble in the past. From the malware warning, hacked site (down) and now this.

Maybe all the members can migrate here. The discussion on that site is gold.

I visit this site daily its too bad this crap keeps happening. My work is going to be pissed if they have to wipe my machine again.

Last time it went down macrumors created a business sub forum but people dont use it much here maybe that will change now.

----------

On a side note its really suprising apple empolyees visit that site and we all thought they didnt care about devs...

[Ryth]

I will not have networked computers aboard this ship

- Adama

Words of wisdom folks.

[coolfactor]

Quote:

Originally Posted by Tankmaze

Iphonedevsdk always had trouble in the past. From the malware warning, hacked site (down) and now this.

Maybe all the members can migrate here. The discussion on that site is gold.

This is an example of the prevalence of cheap hosting and open web frameworks. Overconfidence by do-it-yourself website creators that think that they've got it good, but fail to take all of the proper measures to secure their sites.

[ArtOfWarfare]

Quote:

Originally Posted by komodrone

site is still infected? I remember back in 2010 when Google warned me the site is infected.

Google has warned me about it every few months.

[macsrcool1234]

Quote:

Originally Posted by Fatalbert

1. Apple, ban Java from your employees' computers that need to be secure.

2. I'd pay extra for an ISP that has severed all connections to China. That country is downright nasty. I get connections all the time from it trying to get the admin password from my website, and I've been unsuccessfully brute force attacked over SSH once from China (after that, I changed my SSH port to something non-default). The only good thing about China having advanced tech is that Cables Unlimited can make its probably-illegal HDCP remover to free us from Intel's BS.

This looks really bad for Oracle and Apple, though it's mainly Oracle's fault. I think Apple should release a statement to shove the blame over, which would help with their quest to kill Java (not that I agree with their goals fully).

Couldn't agree more. After banning all ips originating from that area, our hacking attempts were reduced by more than 50%.

As far as the internet is concerned, nothing good comes out of China.

[koban4max]

I guess mac become so insecure.....