We all know Apple’s app approval process for the App Store is very strict. Especially when it comes to security, an app goes through a series of checks before it is finally approved.
Charlie Miller, a security expert, has found a serious vulnerability that allows attackers to do almost anything, including copying your address book, making your iPhone vibrate, and accessing your iPhone photos. In a video posted below, he shows how an attacker can run unsigned code to access a user’s private data.
Apple responded to Miller in an unexpected way: by removing his developer account. This is what Forbes writes:
Miller, a former NSA analyst who now works as a researcher with consultancy Accuvant, created a proof-of-concept app called Instastock to show the vulnerability. The simple program appears to merely list stock tickers, but also communicates with a server in Miller’s house in St. Louis, pulling down and executing whatever new commands he wants. In the video above, he demonstrates it reading an iPhone’s files and making the phone vibrate. Miller applied for Instastock’s inclusion in the App Store and Apple approved the booby-trapped app.
It should be noted that Charlie Miller is an experienced security researcher. Apparently he has no plans to use this exploit maliciously; otherwise there would be no point in showing it to the public. He has shown no intention of explaining how it works. In fact, he reached out to Apple for comment on it. Removing him from the developer program is a little harsh, because he is just pointing out a serious security flaw that Apple must fix to protect its users.
In any case, Apple must be working on a patch for this vulnerability, so let us expect another firmware update.
We have posted about Charlie Miller two or three times in the past. He is a security researcher and a former National Security Agency analyst. Miller is famous for exploiting Apple’s Safari browser. This year he hacked the iPhone 4 by revealing a security hole and won the Pwn2Own Hacking Contest 2011. He has three consecutive Pwn2Own wins under his belt.