iPhone security flaw shows potential for App Store malware
- 09 November, 2011 08:48
The iPhone App Store has a reputation for rock-solid security, but that rep took a hit this week when an app that could run unauthorized code and control phones remotely was released to the public.
Luckily, this bad app was released for research purposes--not malicious ones.
Security researcher and famous Mac hacker Charlie Miller demonstrated an iPhone security flaw using a dummy stock ticker app that Apple unwittingly accepted into the App Store. The app was able to call a remote computer, which could then download unsigned code to the iPhone, harvest sensitive data, and trigger actions such as vibrations and ringtones.
Apple has already removed the program from the App Store, and has terminated Miller's developer license, Forbes reports.
Miller plans to describe the flaw in detail at the SyScan conference in Taiwan next week, but the gist is that mobile Safari's "Nitro" JavaScript engine, released with iOS 4.3, requires the privilege of running unapproved code in a region of the iPhone's memory. Miller's exploit extends this privilege to other apps, which for security reasons are normally barred from running unapproved code the way Safari can.
iPhone users needn't panic; the offending app is already gone, and Miller expects Apple to squash the security bug to prevent real attacks. Still, this exploit proves that the App Store's strict security measures aren't impenetrable. Security researchers have been saying this for years, but Miller has actually demonstrated it in the real world.
Follow Jared on Facebook, Twitter or Google+ for even more tech news and commentary.