Developer sneaks in an app revealing iOS security flaw, gets kicked out of dev program

Developer sneaks in an app revealing iOS security flaw, gets kicked out of dev program
Mac hacker Charlie Miller found out an exploit in iOS which would allow apps to download malicious code after their App Store acception, but in order to prove it he decided to actually submit the application. Everything went as expected, except for one little thing – Apple pulled the developer out of its iOS developer program right after it found out about the malicious software.

A rude way to address someone who actually revealed a security threat to the system? Not exactly as this is technically a violation of Apple's policies. Miller could have avoided that if he'd share the found exploits with Apple instead of just demonstrating it in their store. If the developer chose to do so, Apple would have had to respond within 5 days and only then the issue could be made public. But we still find this a bit too harsh given the fact that the developer didn't actually use the vulnerability, but rather brought to Cupertino's attention.

Miller's application was masked as Instastock, a stock app, and yesterday the developer released a public video showing off the exploit, which uses an exception in iOS versions 4.3 and later. The code he ran uses that exception to run unsigned code and can be expanded to other apps. He demonstrated the effects by remotely playing a YouTube video, enabling vibration on the iPhone and downloading all phone contacts.

Microsoft quickly jumped on the Miller PR ship by inviting the hacker to Windows Phone's dev program. Miller may or may not accept, but this gives an interesting angle at dev relations at both companies.

Finally, there are two ways to look at this story. The first and most obvious one is that Apple's iOS platform – just like any other platform – has its flaws and is not 100% secure. The second however is that Apple is acting swiftly to keep its OS clean and so far it seems that this level of protection yields good results, especially on the background of various reports about Android's openness to attacks. What do you make of it?

source: Gizmodo

Video Thumbnail

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless