Go homepage(回首页)
Upload pictures (上传图片)
Write articles (发文字帖)

The author:(作者)归海一刀
published in(发表于) 2014/4/29 9:23:38
Apple Web site has significant gaps， a large number of developers is “peep“

Apple?Web?site?has?significant?gaps,?a?large?number?of?developers?is?"peep"-Apple?Developer?Center,?Apple-IT?news?Apple?Web?site?has?significant?gaps,?a?large?number?of?developers?is?"peep"

According?to?foreign?media?reports?that?Apple?"Developer?Center?site"?(Developer?Center)?revealed?a?few?days?ago?was?a?significant?security?vulnerability?exists,?a?hacker?can?exploit?this?vulnerability?to?obtain?the?large?numbers?of?private?information?stored?on?our?website.

It?is?reported?that?Apple?learned?of?this?situation?have?been?rushed?off?the?last?night,?"Developer?Center?Web?site",?and?after?plugging?that?loophole?put?the?site?back?online.?But?sources?said?the?hackers?through?a?vulnerability?that?was?discovered?at?the?weekend?get?include?the?registered?developers?of?iOS,?Mac?and?Safari?developer?account,?Apple?retail?staff,?employees,?partners,?and?even?the?handful?of?executives?′?personal?contact?and?information.

Reports?that?this?vulnerability?was?first?discovered?by?Apple?Developer?Jesse?J?rvi?local?time?on?Saturday,?after?9to5Mac?noted?that?the?situation?of?foreign?science?and?technology?media?and?immediately?contacted?Apple.?9to5Mac?said?that?due?to?this?vulnerability?very?seriously,?so?this?vulnerability?cannot?be?found?for?the?first?time?made?public,?unless?the?loophole?was?completely?blocked?before?able?to?publish?relevant?information.

Meanwhile,?Jesse?Jrvi?also?released?about?how?they?found?out?there?named?"Radar?application"?vulnerabilities?Apple?in-house?project?video.

Jrvi?says?in?the?video,?he?first?of?all?from?the?Apple?Web?site?to?download?the?"Radar?application"?application,?open?the?application?will?require?the?user?to?authenticate,?and?only?part?of?Apple?employees?have?accounts?of?this?application.?However,?although?entered?the?wrong?user?name?will?not?be?able?to?enter?the?"Radar?application"?main?interface,?but?we?could?still?use?some?other?functions?of?the?application,?which?includes?a?contact?lookup?feature.

Zhihou,?Jrvi?directory?indexing?feature?is?you?can?optionally?enter?a?keyword,?and?the?application?will?be?provided?without?having?to?authenticate?with?that?keyword-related?information?such?as?name,?phone?number?or?e-mail?address.

As?of?now,?Apple?officials?have?yet?to?make?comment.

苹果网站现重大漏洞，大量开发者被“偷窥”?-?苹果开发者中心,苹果?-?IT资讯

苹果网站现重大漏洞，大量开发者被“偷窥”

据国外媒体报道称，苹果“开发者中心网站”（Developer?Center）日前被曝存在重大安全漏洞，黑客可以利用这一漏洞获取该网站所储存的大量隐私信息。

据悉，苹果在获悉这一情况后已经在昨天晚上火速下线了“开发者中心网站”，并在封堵了这一漏洞后将网站重新上线。但有消息称，黑客可以通过这一在上周末被发现的漏洞获取包括已注册的iOS、Mac和Safari开发者账户的开发人员、苹果零售人员、公司员工、合作伙伴甚至是少数高管的个人联系方式和信息。

消息称，这一漏洞最早是苹果开发者Jesse?J?rvi在当地时间周六发现的，在国外科技媒体9to5mac获悉了这一情况后便立刻联系了苹果方面。9to5mac表示，由于这一漏洞非常严重，因此网站无法在发现这一漏洞的第一时间公诸于众，只有在该漏洞被彻底封堵后才能够公布有关信息。

与此同时，Jesse?Jrvi还公布了自己如何找到藏身在名为“Radar?application”的苹果员工内部项目的漏洞过程视频。

Jrvi在视频中表示，他首先从苹果网站下载了“Radar?application”应用，在打开这个应用的时候会要求用户进行身份验证，而只有苹果部分员工拥有这一应用的账户。然而，虽然输入错误的用户名将无法进入“Radar?application”主界面，但我们还是可以使用该应用的部分其他功能，其中就包括联系人查找功能。

之后，Jrvi便可以利用目录索引功能随意输入一个关键词，而该应用便会在无需验证身份的情况下提供同该关键词有关的名字、电话号码或者电子邮件地址等信息。

截止到目前为止，苹果官方尚未就此发表置评。

赞