
Developer sneaks in an app revealing iOS security flaw, gets kicked out of dev program

Posted by Victor H.

Mac hacker Charlie Miller found an exploit in iOS that would allow apps to download malicious code after their App Store acception, but in order to prove it he decided to actually submit the application. Everything went as expected, except for one little thing – Apple pulled the developer out of its iOS developer program right after it found out about the malicious software.

A rude way to address someone who actually revealed a security threat to the system? Not exactly, as this is technically a violation of Apple's policies. Miller could have avoided that if he'd share the found exploits with Apple instead of just demonstrating it in their store. If the developer had chosen to do so, Apple would have had to respond within 5 days, and only then could the issue be made public. But we still find this a bit too harsh given the fact that the developer didn't actually use the vulnerability, but rather brought it to Cupertino's attention.

Miller's application was disguised as Instastock, a stock app, and yesterday the developer released a public video showing off the exploit, which uses an exception in iOS versions 4.3 and later. The code he ran uses that exception to run unsigned code and can be expanded to other apps. He demonstrated the effects by remotely playing a YouTube video, enabling vibration on the iPhone and downloading all phone contacts.

Microsoft quickly jumped on the Miller PR ship by inviting the hacker to Windows Phone's dev program. Miller may or may not accept, but this gives an interesting angle on dev relations at both companies.

Finally, there are two ways to look at this story. The first and most obvious one is that Apple's iOS platform – just like any other platform – has its flaws and is not 100% secure. The second, however, is that Apple is acting swiftly to keep its OS clean, and so far it seems that this level of protection yields good results, especially against the background of various reports about Android's openness to attacks. What do you make of it?

source: Gizmodo

11 Comments




posted on 08 Nov 2011, 05:27 11

1. android_hitman (Posts: 587; Member since: 07 Jul 2010)


finally someone proved that apple is not so bulletproof as they think

posted on 08 Nov 2011, 08:11 5

8. iKingTrust (banned) (Posts: 716; Member since: 27 Jul 2011)


finally? Anyone with a brain knows that there is nothing as totally secure.

posted on 08 Nov 2011, 05:50 9

2. ivanko34 (Posts: 617; Member since: 04 Sep 2011)


Excommunicated of the apple church of bugology

posted on 08 Nov 2011, 06:39 2

4. paulyyd (Posts: 320; Member since: 08 Jan 2011)


sweet analogy bro

posted on 08 Nov 2011, 06:38 3

3. protozeloz (Posts: 5326; Member since: 16 Sep 2010)


I think it might have not been so smart to do so. Anyways, I know people who would like to have him on their team, he is more than welcome to join XDA

posted on 08 Nov 2011, 06:43 1

5. ibap (Posts: 675; Member since: 09 Sep 2009)


"acception"? Does no one review these things before they're posted?

posted on 08 Nov 2011, 06:46 6

6. remixfa (Posts: 13902; Member since: 19 Dec 2008)


Way to go MS for trying to capitalize on an opportunity to pick up someone smart enough to find long existing security flaws that no one else could. How long has iOS 4.3 been out and no one has noticed?
Like normal, I think Apple way overreacted. But, such is Apple.

posted on 08 Nov 2011, 07:19 6

7. Sniggly (Posts: 6489; Member since: 05 Dec 2009)


Wait... Google acts just as swiftly to get rid of malicious attacks and apps. Why put them down in this article?

posted on 08 Nov 2011, 11:40 2

9. blackrose (Posts: 48; Member since: 15 Apr 2011)


Actually the guy told Apple about it 3 weeks before it went into the App Store and they chose not to pay any mind

posted on 08 Nov 2011, 11:46 2

10. downphoenix (Posts: 2232; Member since: 19 Jun 2010)


I'm sure this dev DID share this information with Apple and Apple either did not acknowledge him or said that he was wrong. So he had to prove to them he was right. Way to treat a developer. Hope he's smart and sticks with Android or Windows from now on instead of fighting the ban.

posted on 08 Nov 2011, 20:21 1

11. gaby1451 (Posts: 111; Member since: 30 Mar 2011)


Hey Victor,

When you said, "Miller could have avoided that if he'd share the found exploits with Apple instead of just demonstrating it in their store." He actually did do just that.

According to Engadget Mobile, "He [Miller] told CNET that he alerted Apple to the exploit three weeks ago, however it's unknown whether or not a fix for the problem is included in the new 5.0.1 version of iOS that's currently in testing."

Still, rules are rules I suppose...

http://www.engadget.com/2011/11/07/charlie-millers-latest-ios-hack-gets-into-the-app-store-gets-h/
