Apple credits Ibrahim Balic for reporting iAd Workbench vulnerability

dev center down 1

Ibrahim Balic, an independent security researcher, made the headlines by taking credit for knocking Apple’s Dev Center out for thirteen days following his discovery of a serious iAd Workbench vulnerability.

Even though that issue hasn’t made the hack directly possible, it did force Apple to shut down Dev Center for more than a week.

It has also prompted an overhaul of Apple’s developer systems, including updating the server software and rebuilding the entire database. Though Balic has rarely come out of stealth mode since protecting his Twitter timeline out of fear of potential consequences, he needn’t worry as Apple has now credited him with reporting the iAd Workbench vulnerability…

Apple has made it official by mentioning Balic in an update over at the iAd Workbench website:

“We would like to acknowledge Ibrahim BALIC (Balich IT – http://www.balicbilisim.com) for reporting this issue,” the firm wrote.

Balic confirmed to 9to5Mac‘s Scott Buscemi that his “other reported bugs are waiting to be listed” on Apple’s Web Server notifications page.

Though the iAd Workbench vulnerability has made it easy to obtain both names and Apple IDs of users, that issue was unrelated to another major flaw that prompted a system-wide shut down of the Dev Center.

Previously, Balic told TechCrunch that he filed a total of thirteen new bugs with Apple since starting his research on July 16. Among them was the crucial bug #14488816 which allowed him to compromise iAd Workbench and get hold of the full names and Apple IDs belonging to Apple’s registered iOS and Mac developers.

Balic also said he reported the bugs to Apple on July 18, just hours before the Dev Center went down. He made it official by tweeting out, “Finally, I got the expected response from Apple, I’m happy now,” adding “I do not want people to provoke this matter”.

The researcher has always maintained his intentions were never malicious.

Apple on its part insisted that no credit card data, or any other sensitive information, was compromised due to the hack or the downtime.