Saturday, July 2, 2011
Security vulnerabilities in Apple Portal Developers
According to YGN Ethical Hacker Group, the portal developers of Apple will be open to the four winds: riddled with flaws, it could allow an attacker to set up a phishing operation.
"Crippled", the word may be strong, but they are still three vulnerabilities that were discovered by this group of hackers who wants kindness. These three faults are linked and open the door to arbitrary redirection, separation HTTP response, and an XSS attack. A hacker could then direct the user to a malicious site without one cannot realize: the address displayed will always be developer.apple.com. It could then recover login and password with a page much imitated, still unnoticed.
Apple would have been alerted as soon as April 27 but could not properly plug the holes. Oracle, warned at the same time for similar problems, responded in a week and thanked the group. YGN is now threatening to publish his findings on a public list. The portal developers Apple has repeatedly been unreachable in recent hours.
The group of hackers published on his blog the details of these different vulnerabilities. Apple has indeed now fixed these flaws. However, the timing given by the YGN Ethical Hacker Group shows that between the times he reported these problems to Apple and when necessary has been done, it took a good two months.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.