Author Topic: Security Researcher Reveals iOS Security Flaw, Gets Developer License Revoked  (Read 884 times)
HCK



« on: November 08, 2011, 03:00:30 pm »

Security Researcher Reveals iOS Security Flaw, Gets Developer License Revoked
      



Security researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an App to run arbitrary code. Apple generally approves all code that is submitted to the AppStore and forbids the execution of un-approved code, but Miller discovered a way to bypass this restriction. Forbes writes:

Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year.

...

The researcher soon dug up a bug that allowed him to expand that code-running exception to any application he’d like.

Beyond discovering the bug, Miller went a step further and actually had an App submitted to the App Store which took advantage of this bug. The App was approved and was able to perform as expected:

Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.

Shortly after the news broke, Apple revoked Miller's developer account, citing a breach of the developer agreement.

“This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple,” the email read. “Effective immediately.”

Miller plans to present his findings at the SyScan conference in Taiwan next week.



http://www.macrumors.com/2011/11/08/security-researcher-reveals-ios-security-flaw-gets-developer-license-revoked/
      