
Apple boots iOS exploit finder from developer program

updated 10:20 pm EST, Mon November 7, 2011

Apple drops Charlie Miller as dev after finding

Well-known Accuvant security researcher Charlie Miller said he had been ejected from the iOS developer program just hours after discovering a remote control app exploit. Apple didn't explain why, although the test app, Instastock, had been published to the App Store and would have violated Apple's rules. Miller warned that Apple might have let the app go by without the media attention.

"For the record, without a real app in the App Store, people would say Apple wouldn't approve an app that took advantage of this flaw," he said.

Miller, well-known for hacking iOS devices to reveal exploits at Pwn2Own and other contests, had taken advantage of iOS JavaScript changes since 4.3 to show what could be done just by using the web. The app could successfully take messages, photos, and other content.

By Electronista Staff


  1. lamewing

    Dedicated MacNNer

    Joined: Aug 2004



    This guy is a moron. I give him credit for finding and reporting bugs to Apple, but the most recent method he used of hiding code in an app just to prove the existence of a bug goes against his agreement with Apple. And now he complains and says he's angry with Apple. Seems pretty self-entitled to me.

  1. lockhartt

    Fresh-Faced Recruit

    Joined: Apr 2000



    Sneaking malicious code into an app isn't exactly a bug. Anybody can do that... it's just generally considered stupid to do so because it all traces back to you. People who want to run malicious code don't usually create a legitimate app to do so, at least not on iOS where sufficient documentation is required to verify identity, etc. On Android, however, it's ridiculously easy to create and post a malicious app. Let's see what kind of "bugs" he can find there :)

  1. facebook_Pete

    Via Facebook

    Joined: Nov 2011


    Idiocy at its grandest..

    The guy finds a hole in the java engine of Nitro and decides to sneak an app that contains the exploit that then executes the malicious code. Then tells a bunch of his friends on Twitter what he has done then tells Apple. Then he says "I won't release the exploit until Apple fixes it" when he has already told a bunch of folks on Twitter and says he plans to put it into the Siri Port when it's released along with a kernel exploit after a jailbreak is made stable for untethered. What does this tell you about this guy and he's all smiley in this damn picture? Sigh.

  1. DerekMorr

    Fresh-Faced Recruit

    Joined: Mar 2010


    double standard?

    So let me see -- when malware occasionally slips into the Android Market, the comment threads light up slamming Android for being a poorly designed cesspool of insecurity.

    When malware slips into the App Store, the response is to call the author an idiot.

    Double standard much?

  1. testudo

    Forum Regular

    Joined: Aug 2001


    he's right

    If he just reported the bug or others made it public, the fanboys would just argue it was immaterial since it couldn't be exploited by anyone since the appstore would reject anything with that so the only ones with issues would be jailbreakers and that's what they get, yadda, yadda, yadda.
