→ Justin Williams breaks down the story surrounding the “Hacking” of the Apple Developer Portal

Justin gives a great summary of everything involved. His concluding section is especially strong:

The vulnerability isn’t Baliç’s. It’s Apple’s. He just discovered it and Apple deemed it severe enough that their response was to take down their entire developer program until they can close the hole.

I’ve been incredibly vocal about the inconvenience that the downtime has caused me, but knowing how big of an issue it is, I’m fine with Apple taking their time to get the fix right.

I am not fine, however, with them trying to paint themselves the victim of malicious intent when in reality it looks as though someone properly reported a vulnerability in their code to them.

No one comes out of this looking clean, but it could have been a lot worse if a more dark hacker discovered the vulnerability before Baliç.

Κ