iPhoneDevSDK Details What Led to Apple, Facebook Hacking
In January, a number of Apple employees had their Macs compromised following visits to the popular iPhoneDevSDK forum. Employees from Facebook and likely dozens of other companies were compromised as well. In a blog post today, site owner Ian Sefferman shared some limited details* about what happened and what the site is doing about it.
Most notably, the attack was reportedly ended by the hacker on January 30, 2013, meaning the site believes that there is no ongoing threat.
What we've learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain user's computers.
We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013.
As with Facebook, it's important to stress that we have no reason to believe user data was compromised.
Eric Romang has done some additional detective work on the the attack, laying much of the blame on Java itself. Last month, Apple twice blocked Java 7 from working on users' Macs, perhaps after the company discovered that its own machines had been compromised.
* URL to blog post: http://iphonedevsdk.com/forum/site-news-announcements/111889-iphonedevsdk-compromised-what-happened-and-how-we-are-dealing-with-it.html -- We've avoiding linking it due to the recent hack at that site.
Popular Stories
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
Apple is set to unveil iOS 18 during its WWDC keynote on June 10, so the software update is a little over six weeks away from being announced. Below, we recap rumored features and changes planned for the iPhone with iOS 18. iOS 18 will reportedly be the "biggest" update in the iPhone's history, with new ChatGPT-inspired generative AI features, a more customizable Home Screen, and much more....
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...
Top Rated Comments
One of the dumbest things ever done on the web was giving it the name of "Javascript". Why the heck there hasn't been a movement to change the name puzzles me.
So lots and lots of big giant companies were hacked. It was the fault of some third party.
But all we hear about is that Apple was hacked! Apple has lousy security! Anybody who owns any Apple anything is in SERIOUS DANGER! Run for the hills, but only after destroying all Apple products!
Typical. Apple is just the whipping boy of the mainstream media.
They go into a frenzy and let everybody else have a pass. But not Apple. They act like it is all Apple's fault. They pick on Apple. It is not FAIR! Apple is a scapegoat. Everybody who owns any Apple anything is seen as a lesser person because of this stuff. A complete and total idiot.
I for one am sick of it.
/s
----------
Change all of the affected passwords. Close any credit card accounts that were compromised. If you gave your SS number, there is nothing that can be done about that.
And I agree with a previous poster, Apple is the media's favorite whipping boy right now. Wallstreet's lapdog, the media, is being used to manipulate AAPL stock prices via fear and gloom. When they have driven it down low enough...the sharks will buy-up AAPL yet again...run a bunch of positive articles (PUMP)...followed by yet another DUMP when it gets to their target "high" value. Then they'll place puts on AAPL, run more gloom and doom stories, and make money on the way down too. And then you have Einhorn, the hedge fund "humanitarian" who simply wants to raid the APPL cash pile for his elite clients. It has already been proven that AAPL stock volatility was tied directly to hedge fund manipulation. Expect more...unfortunately. Wallstreet is just a steaming pile.