Latest in App store

Image credit:

Security researcher Charlie Miller finds serious bug in iOS


Security expert and Mac hacker Charlie Miller has uncovered an issue in iOS that would allow an app, downloaded from the App Store, to install and run malicious code on a device from a remote computer. The flaw, which Miller reportedly did upload to the App Store and got past Apple's security checks, would create an app that appears to be innocuous (like Miller's example app, which just runs stock information), but could then download instructions from another computer and then run any commands, steal user files (like photos and contacts) without permission, or even make the iOS device vibrate or play sounds.

Miller's app has already been removed from the App Store, and we're certain Apple will plug this hole in an upcoming update. Even Miller admits it is a very obscure bug, hidden away in iOS but there nonetheless, a byproduct of how Apple had to tweak the system to speed up Javascript in Mobile Safari. He plans to detail the issue at the SysCan conference in Taiwan next week.

Hopefully things will be fixed soon. If you're really worried, it's probably a good idea to hold off on updating or downloading any new apps, especially any that don't come from well-established developers. Still, as Apple is aware of this problem (since Miller's app has been pulled), it's unlikely that any more apps this bug will make it onto the Store itself. The larger issues are the flaw in iOS, why Apple had to create this exception to begin with, and how they are going to fix it.

From around the web

ear iconeye icontext filevr