toggle

Apple boots iOS exploit finder from developer program

updated 10:20 pm EST, Mon November 7, 2011

 

Apple drops Charlie Miller as dev after finding


Well-known Accuvant security researcher Charlie Miller said he had been ejected from the iOS developer program just hours after discovering a remote control app exploit. Apple didn't explain the reasons why, although the test app, Instastock, had been published to the App Store and would have violated Apple's rules. Miller warned that Apple might have let the app go by without the media attention.

"For the record, without a real app in the App Store, people would say Apple wouldn't approve an app that took advantage of this flaw," he said.

Miller, well-known for hacking iOS devices to reveal exploits at Pwn2Own and other contests, had taken advantage of iOS JavaScript changes since 4.3 to show what could be done just by using the web. The app could successfully take messages, photos, and other content.




By Electronista Staff

Post tools:

TAGS :  

iPod, iPhone, industry, security, hacks, mobile phones, Apple, iPad

Related Articles

Recent Articles

toggle

Previous Comments

  1. lamewing

    Dedicated MacNNer

    Joined: Aug 2004

    +15
    11/08, 12:31am | report spam | reply

    ID10T

    This guy is a moron. I give him credit for finding a reporting bugs to Apple, but to most recent method he used of hiding code in an app just to prove the existence of a bug goes against his agreement with Apple. And now he complains and says he's angry with Apple. Seems pretty self-entitled to me.


  1. lockhartt

    Fresh-Faced Recruit

    Joined: Apr 2000

    +2
    11/08, 07:29am | report spam | reply

    Bug?

    Sneaking malicious code into an app isn't exactly a bug. Anybody can do that... it's just generally considered stupid to do so because it all traces back to you. People who want to run malicious code don't usually create a legitimate app to do so, at least not on iOS where sufficient documentation is required to verify identity, etc. On Android; however, it's ridiculously easy to create and post a malicious app. Let's see what kind of "bugs" he can find there :)


  1. facebook_Pete

    Via Facebook

    Joined: Nov 2011

    0
    11/08, 10:04am | report spam | reply

    Idiocy at its grandest..

    The guy find s a hole in the java engine of Nitro and decides to sneak an app that contains the exploit that then executes the malicious code. Then tells a bunch of his friends on Twitter what he has done then tells Apple. Then he says " I won't release the exploit until Apple fixes it" when he has already told a bunch of folks on Twitter and says he plans to put it into the Siri Port when its released along with a kernel exploit after a jailbreak is made stabled for untethered. What does this tell you about this guy and he's all smiley in this dam picture? Sigh.


  1. DerekMorr

    Fresh-Faced Recruit

    Joined: Mar 2010

    -1
    11/08, 11:25am | report spam | reply

    double standard?

    So let me see -- when malware occassionally slips into the Android Market, the comment threads light up slamming Android for being a poorly designed cesspool of insecurity.

    When malware slips into the App Store, the response is to call the author an idiot.

    Double standard much?


  1. testudo

    Forum Regular

    Joined: Aug 2001

    -1
    11/08, 02:29pm | report spam | reply

    he's right

    If he just reported the bug or others made it public, the fanboys would just argue it was immaterial since it couldn't be exploited by anyone since the appstore would reject anything with that so the only ones with issues would be jailbreakers and that's what they get, yadda, yadda, yadda.


Login Here

Not a member of the MacNN forums? Register now for free.

Recently Commented Articles

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to overstate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming decline ...

Sponsor

 
toggle

Popular News