Apple boots iOS exploit finder from developer program

updated 10:20 pm EST, Mon November 7, 2011

Apple drops Charlie Miller as dev after finding

Well-known Accuvant security researcher Charlie Miller said he had been ejected from the iOS developer program just hours after discovering a remote control app exploit. Apple didn't explain why, although the test app, Instastock, had been published to the App Store and would have violated Apple's rules. Miller warned that Apple might have let the app go by without the media attention.

"For the record, without a real app in the App Store, people would say Apple wouldn't approve an app that took advantage of this flaw," he said.

Miller, well known for hacking iOS devices to reveal exploits at Pwn2Own and other contests, had taken advantage of iOS JavaScript changes since 4.3 to show what could be done just by using the web. The app could successfully take messages, photos, and other content.

By Electronista Staff


  1. lamewing

    Dedicated MacNNer

    Joined: Aug 2004



    This guy is a moron. I give him credit for finding and reporting bugs to Apple, but the most recent method he used of hiding code in an app just to prove the existence of a bug goes against his agreement with Apple. And now he complains and says he's angry with Apple. Seems pretty self-entitled to me.

  1. lockhartt

    Fresh-Faced Recruit

    Joined: Apr 2000



    Sneaking malicious code into an app isn't exactly a bug. Anybody can do that... it's just generally considered stupid to do so because it all traces back to you. People who want to run malicious code don't usually create a legitimate app to do so, at least not on iOS where sufficient documentation is required to verify identity, etc. On Android, however, it's ridiculously easy to create and post a malicious app. Let's see what kind of "bugs" he can find there :)

  1. facebook_Pete

    Via Facebook

    Joined: Nov 2011


    Idiocy at its grandest..

    The guy finds a hole in the java engine of Nitro and decides to sneak an app that contains the exploit that then executes the malicious code. Then tells a bunch of his friends on Twitter what he has done then tells Apple. Then he says "I won't release the exploit until Apple fixes it" when he has already told a bunch of folks on Twitter and says he plans to put it into the Siri Port when it's released along with a kernel exploit after a jailbreak is made stable for untethered. What does this tell you about this guy and he's all smiley in this damn picture? Sigh.

  1. DerekMorr

    Fresh-Faced Recruit

    Joined: Mar 2010


    double standard?

    So let me see -- when malware occasionally slips into the Android Market, the comment threads light up slamming Android for being a poorly designed cesspool of insecurity.

    When malware slips into the App Store, the response is to call the author an idiot.

    Double standard much?

  1. testudo

    Forum Regular

    Joined: Aug 2001


    he's right

    If he just reported the bug or others made it public, the fanboys would just argue it was immaterial since it couldn't be exploited by anyone since the appstore would reject anything with that so the only ones with issues would be jailbreakers and that's what they get, yadda, yadda, yadda.
