Apple fixes remote code execution flaw that brought Dev Center down

While independent security researcher Ibrahim Balic claimed responsibility for taking down Apple’s Dev Center, in reality his discovery of an iAd Workbench vulnerability had nothing to do with the Dev Center outage.

Apple this morning credited Balic for reporting the iAd Workbench bug that did allow him to obtain full names and Apple IDs of Apple’s registered iOS and Mac developers.

While it’s a bit murky whether or not Balic was solely responsible for the system-wide Dev Center shutdown, Apple today wrote on its Web Server notifications page that it fixed a “remote code execution issue” that allegedly caused the downtime…

The Apple Web Server page credits 7dscan.com and SCANV of www.knownsec.com for reporting the bug.

“A remote code execution issue was addressed,” the page reads. “We would like to acknowledge 7dscan.com, and SCANV of www.knownsec.com for reporting this issue.”

As noted by MacRumors, 7dscan.com and SCANV filed the bug with Apple on July 18, which is the same day the Developer Center was taken offline.

Balic told TechCrunch he filed his own bug report concerning the iAd Workbench vulnerability on July 18, too, just hours before the Dev Center went down. However, the Apple Web Server page credits Balic with reporting the bug on July 22, suggesting the iAd issue he reported was unrelated to the major flaw that caused the Dev Center downtime.

If all this sounds confusing, you’re not the only one – I’m still puzzled as to whether or not Balic had anything to do with July 18’s Dev Center issue or if the remote code execution flaw should be blamed.