Apple developer site used to distribute software and developer pre-launch link between the document and subscriber, for a $ 99 annual fee. This vulnerability, known as “re-directed open”, allowing for Hackers to redirect users to malicious websites ignorant by slightly modify the URL, and that way get personal information:
Modify the value of the URL to a malicious site, an attacker has successfully launched a phishing fraud and steal user credentials. Because the name of the server in the modified link similar to the original site, phishing attempts with the emergence of a more trustworthy. The group did not reveal specific details on the vulnerabilities and have instead contacted the apples, hoping that the company will try to fix it. In a statement, the company stressed that security is one of its highest priorities: Take report a potential security issue very seriously. As of yet, however, the company has yet to show weakness. The group threatened to export detailed information to the public on the openings 3, which has not yet been proved, unless the company will fix it quickly. That would be at risk, since other hackers could easily exploit the disclosed vulnerabilities for their own benefit and put users at risks. Despite that, the hard truth is many companies are only swift at applying fixes when vulnerabilities are “in the wild”. The same incident this March / last March, when a weakness was found on the McAfee Web site the maker of security programs (ironically). One month after the company notified, weakness has not been proven yet, causes the group to separate the full version online. Shortly after, weakness proved recently. According to U.S. law, the exercise of the discovery of weaknesses to build a third party infrastructure is considered illegal, since is the result of an attempt to break into Web sites. While these may be the case, the hacker group believes Wi-LG the moral is very strongly that security breaches must be detected and remembers before they are used for evil. To prove this apple aperture, be sure not to click on any link to apple developer site from an e-mail, unless you are familiar its source. In doubt, always head to the apple. Com / developer.

« »