Apple Websites Hit by Hackers

[Peaches]

Apple Websites Hit by Hackers

Hackers have identified vulnerabilities on Apple websites which gave them access to the data stored in the underlying databases.

Yesterday, the Anonymous collective disclosed an SQL injection vulnerability found in a survey script hosted on the Apple Business Intelligence (abs.apple.com) website.

The notorious group of hacktivists which is currently involved in AntiSec, a campaign to hack into government and corporate websites, leaked two dozen hashed passwords extracted from the Apple database. However, the group said that Apple is not a primary target. "Apple could be target, too. But don't worry, we are busy elsewhere," it wrote on Twitter. Meanwhile, an independent hacker known as Idahc who positioned himself against AntiSec, also disclosed vulnerabilities on an Apple site.

According to the self-confessed grey hat hacker, the Apple Consultants Network portal is vulnerable to cross-site scripting and blind SQL injection attacks. The XSS weakness can be exploited to inject iframes into the page by directing victims to a specially-crafted URL. This type of flaw can be used to enhance phishing or malware distribution attacks.

The blind SQL injection vulnerability is even more dangerous and Idahc used it to extract table and column names from the database. The information he released suggest that home addresses and phone numbers of consultants were exposed.

More here: http://news.softpedia.com/news/Apple-Websites-Hit-by-Hackers-209513.shtml