Last night, developers attempting to access Apple’s Developer Portal experienced a period of downtime. As it turns out, Apple appears to have been patching a relatively major security hole that left developers’ personal information accessible to malicious hackers.
According to 9to5Mac, developer Jesse Jarvi discovered the security hole this Saturday. After finding the flaw*, Jarvi emailed a tip to the publication with the names and contact information of several staffers as well as “high ranking Apple executives,” hoping the publication could help send it in to Apple as well.
*UPDATE: Jarvi has let us know that he contacted Apple on his own FIRST, before emailing 9to5Mac. Well done.
The team sat on the information as Apple fixed the hole, and now all appears to be in order. Jarvi showed that the hole could be reached by simply downloading the app “Radar”, signing in with AppleConnect, and loading “Person” under the app’s “Find” menu item.
From there it was just a simple matter of typing any combination of letters to search through the entire Apple developer listing database. Everyone and anyone, that is.
At this time it does not appear that any malicious members of the public took advantage of this flaw in the app. Only Jarvi himself has been public about finding it, and Apple’s database no longer appears to be available through the app itself.