This isn't the first brush Apple's iOS platform has had with apps that exploit
security holes to run unsigned code, but according to the developer of InstaStock, this may be the first to get a security researcher booted from its developer program.
Charlie Miller shared his discovery with
Forbes earlier today, showing off an app which successfully made it through Apple's approval process despite packing the ability to download and run unsigned code. That could allow a malicious app to access user data or activate hardware features remotely. Apple pulled the app after the findings were published, and according to Miller, revoked his developer access shortly afterward for what seems to be a clear violation of the guidelines. He told
CNET that he alerted Apple to the exploit three weeks ago, however it's unknown whether or not a fix for the problem is included in the new
5.0.1 version of iOS that's currently in testing. He'll be explaining his method in more detail next week at SysCan, but until the hole is confirmed closed we'd probably keep a tight leash on our app store browsing.
[Thanks to everyone who sent this in]
Continue reading Charlie Miller's latest iOS hack gets into the App Store, gets him tossed out (video)
Charlie Miller's latest iOS hack gets into the App Store, gets him tossed out (video) originally appeared on Engadget on Mon, 07 Nov 2011 22:57:00 EDT. Please see our terms for use of feeds.
Permalink |
CNET, Forbes, @0xcharlie (Twitter) |
Email this |
Comments
Source: http://feeds.engadget.com/~r/weblogsinc/engadget/~3/zQy9e_4BbmQ/
lsu football lsu alabama earthquake when is daylight savings 2011 what time is it lsu vs alabama cain gingrich debate
No comments:
Post a Comment