iOS Security Exploit Gives Apps Hidden Access to User Data

Forbes reports that Charlie Miller, security researcher and well-known white hat hacker, has discovered a code signing flaw in iOS that allows apps approved by Apple and obtained via the App Store to illicitly access user data and the device’s settings.

Charlie Miller’s iOS Exploit Makes Every App a Potential Threat.

Although he plans to further discuss this vulnerability in Apple’s platform at the SyScan conference in Taiwan next week, Mr. Miller has already exploited the flaw by planting an app that takes advantage of the vulnerability in Apple’s App Store. The app, now removed, was originally approved by Apple with no conditions.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Mr. Miller explains. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

Mr. Miller discussed this flaw via a YouTube video first uploaded on September 23, 2011. He then officially notified Apple of the flaw on October 14. After Apple failed to acknowledge or fix the issue, the security researcher submitted his app taking advantage of the flaw and it was approved. It was only after Forbes broke Mr. Miller’s story that Apple responded by removing the app from the App Store.

In an unfortunate turn of events for both Apple and Mr. Miller, Apple terminated the researcher’s iOS Developer Membership in response to his proof-of-concept submission. Apple claims that the hidden code in the app violates the Developer Agreement, which prohibits developers from hiding, misrepresenting, or obscuring any part of a submitted app.

“I’m mad,” Mr. Miller responded in a statement to Forbes. “I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder.”

Apple did not immediately respond to The Mac Observer’s request for comment.