Apple’s Developers Website Vulnerable to Phishing Attacks!!!

Posted in News by Staff on June 29, 2011

The company that is busy fixing the jailbreak exploits of its phones is itself vulnerable to phishing attacks. I am, of course, talking about Apple, the one and only, which loves to play cat-and-mouse games with the hackers of iDevices.

Apple’s main website for developers of Mac, iOS and Safari is vulnerable to phishing attacks. A group of hackers calling themselves YGN Ethical Hacker Group has identified potential security holes in Apple’s developer website. The security holes could allow malicious hackers to enter Apple’s developer website and gain access to user IDs and passwords.

According to Network World, the group identified three potential security issues on the website:

  1. Arbitrary URL redirects
  2. Cross-site scripting
  3. HTTP response splitting

“By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials,” the group said. “Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.”

In simple terms, the user will be redirected to some other website, while the server name in the link will still be the original http://developer.apple.com/.
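The following is an added example, not code from the original post or from YGN's report: a server-side check that a redirect parameter must pass before it is placed in a `Location` header, covering the arbitrary-redirect and response-splitting issues listed above. The host `developer.example.com`, the allow-list and the function name `safe_redirect_target` are assumptions for illustration, and all sample inputs are constructed.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list for this example; a real site lists its own hosts.
ALLOWED_HOSTS = {"developer.example.com"}
FALLBACK = "/"


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return value if it is safe to use as a redirect target, else fallback."""
    if not value:
        return fallback
    # CR, LF and other control characters would let the value break out of
    # the Location header (HTTP response splitting).
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return fallback
    # Browsers treat "\" like "/", so "/\host" behaves like "//host".
    if "\\" in value:
        return fallback
    try:
        parts = urlsplit(value)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a single-slash absolute path.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return fallback
    # Absolute target: http(s) only, which also rejects scheme-relative
    # "//host" values and schemes such as "javascript:".
    if parts.scheme not in ("http", "https"):
        return fallback
    # "user@host" forms put a trusted-looking name in front of the real host.
    if parts.username is not None or parts.password is not None:
        return fallback
    host = parts.hostname
    if host is None or host.lower() not in allowed_hosts:
        return fallback
    return value
```

The check compares the parsed hostname for exact equality, so a look-alike such as `developer.example.com.phish.example.net` is rejected rather than matched by prefix.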

You all must know how important the developer website is to Apple and its devs. All the devs sign in using their Apple IDs and passwords to access the OS, betas, Mac OS X, apps, SDKs and much more. Once a phishing attack is successful, the hacker can get access to all of these things and, apart from this, to iTunes user accounts as well.

The interesting thing is that YGN said they had already alerted Apple to this security hole back in April.

“We take the report of a potential security issue very seriously,” Apple told YGN.

Apple responded to the team in a positive way and said that it would take action. It now looks like Apple hasn’t taken any action yet and is waiting for a security breach to occur before it acts.

To make Apple act on this issue, the team said that they will release some discoveries to the security mailing list with Full Disclosure in a few days.
