Apple warned of phishing attack threat to iPhone, iPad and Mac OS developers

27.06.2011

The specific hole, related to the "vulnerable code portion in developer.apple.com," according to the group, is called "URL Redirection to Untrusted Site ('Open Redirect')." This is described in the "Common Weakness Enumeration" as follows: "By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance."

The Mitre definition of the URL Redirect says it can allow an attack because "the user may then unwittingly enter credentials into the attacker's web page" which would compromise the user's sensitive information.

Remediation of a vulnerability of this type typically involves improving input validation of the redirect target or otherwise changing the website.
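As an added example, not code from the article, the group, or Apple, the following shows the weak redirect pattern the CWE entry describes beside a hardened version that resolves the supplied target and checks its scheme and host against an allow-list; the host names are constructed assumptions.

```python
from urllib.parse import urlsplit, urljoin

# Constructed example values: the site's own origin and the only hosts it may
# redirect to. These names are assumptions, not values from the article.
SITE_ORIGIN = "https://developer.example.com"
ALLOWED_HOSTS = {"developer.example.com", "docs.example.com"}
DEFAULT_TARGET = SITE_ORIGIN + "/"


def redirect_target_unchecked(next_url: str) -> str:
    """The weak pattern (CWE-601): the request-supplied value is used as the
    Location header unchanged, so a crafted link can send the user anywhere."""
    return next_url


def redirect_target_checked(next_url: str) -> str:
    """Hardened pattern: resolve the supplied value against the site's own
    origin, then allow-list the resulting scheme and host. Anything that does
    not pass is replaced by a fixed default instead of being used."""
    # CR/LF in a Location value would also enable HTTP response splitting.
    if not next_url or any(c in next_url for c in "\r\n"):
        return DEFAULT_TARGET
    # Browsers treat backslashes as slashes; normalise before parsing so that
    # "/\host" is recognised as scheme-relative rather than as a local path.
    candidate = next_url.replace("\\", "/")
    # urljoin makes relative paths absolute on our origin, while absolute and
    # scheme-relative ("//host/...") values keep the host they name.
    resolved = urljoin(SITE_ORIGIN + "/", candidate)
    parts = urlsplit(resolved)
    if parts.scheme != "https":
        return DEFAULT_TARGET  # rejects http downgrade and non-web schemes
    # .hostname drops any "user:pass@" prefix and port, so a netloc such as
    # "developer.example.com@other.example" is judged by its real host.
    if parts.hostname not in ALLOWED_HOSTS:
        return DEFAULT_TARGET
    return resolved


if __name__ == "__main__":
    for value in ["/account/settings", "//other.example/login",
                  "https://developer.example.com@other.example/", "/\\other.example/"]:
        print(f"{value!r:50} -> {redirect_target_checked(value)}")
```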

YGN Ethical Hacker Group says it will spell out three specific "issues" soon if the Apple developer website isn't fixed to the group's satisfaction. These "issues" involve arbitrary URL redirect, cross-site scripting, and HTTP response splitting, with the "root cause" being the arbitrary URL redirect.

In April, the YGN Ethical Hacker Group found a similar Arbitrary URL Redirect issue in Oracle's Java.com website, but Oracle corrected it in about a week and even thanked the group for its information.