Printed from http://www.electronista.com

Apple boots iOS exploit finder from developer program

updated 10:20 pm EST, Mon November 7, 2011

Apple drops Charlie Miller as dev after finding

Well-known Accuvant security researcher Charlie Miller said he had been ejected from the iOS developer program just hours after discovering a remote control app exploit. Apple didn't explain why, although the test app, Instastock, had been published to the App Store and would have violated Apple's rules. Miller warned that Apple might have let the app go by without the media attention.

"For the record, without a real app in the App Store, people would say Apple wouldn't approve an app that took advantage of this flaw," he said.

Miller, well-known for hacking iOS devices to reveal exploits at Pwn2Own and other contests, had taken advantage of iOS JavaScript changes since 4.3 to show what could be done just by using the web. The app could successfully take messages, photos, and other content.





By Electronista Staff

Comments

  1. lamewing

    Dedicated MacNNer

    Joined: Aug 2004

    +15

    ID10T

    This guy is a moron. I give him credit for finding and reporting bugs to Apple, but the most recent method he used of hiding code in an app just to prove the existence of a bug goes against his agreement with Apple. And now he complains and says he's angry with Apple. Seems pretty self-entitled to me.

  1. lockhartt

    Fresh-Faced Recruit

    Joined: Apr 2000

    +2

    Bug?

    Sneaking malicious code into an app isn't exactly a bug. Anybody can do that... it's just generally considered stupid to do so because it all traces back to you. People who want to run malicious code don't usually create a legitimate app to do so, at least not on iOS where sufficient documentation is required to verify identity, etc. On Android, however, it's ridiculously easy to create and post a malicious app. Let's see what kind of "bugs" he can find there :)

  1. facebook_Pete

    Via Facebook

    Joined: Nov 2011

    0

    Idiocy at its grandest..

    The guy finds a hole in the java engine of Nitro and decides to sneak an app that contains the exploit that then executes the malicious code. Then tells a bunch of his friends on Twitter what he has done then tells Apple. Then he says "I won't release the exploit until Apple fixes it" when he has already told a bunch of folks on Twitter and says he plans to put it into the Siri Port when it's released along with a kernel exploit after a jailbreak is made stable for untethered. What does this tell you about this guy and he's all smiley in this damn picture? Sigh.

  1. DerekMorr

    Fresh-Faced Recruit

    Joined: Mar 2010

    -1

    double standard?

    So let me see -- when malware occasionally slips into the Android Market, the comment threads light up slamming Android for being a poorly designed cesspool of insecurity.

    When malware slips into the App Store, the response is to call the author an idiot.

    Double standard much?

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -1

    he's right

    If he just reported the bug or others made it public, the fanboys would just argue it was immaterial since it couldn't be exploited by anyone since the appstore would reject anything with that so the only ones with issues would be jailbreakers and that's what they get, yadda, yadda, yadda.
