Printed from http://www.electronista.com

iOS vulnerability leaving private photos, data at risk?

updated 06:20 pm EST, Mon November 7, 2011

Researcher claims to have spotted serious flaw

A researcher from computer security firm Accuvant claims to have unearthed a significant vulnerability in Apple's iOS operating system. The flaw allegedly leaves iOS devices open to malicious apps that pass through current App Store test criteria but allow hackers to upload unapproved commands. From remote servers, attackers can then access personal data, such as photos and messages, or instruct the device to play sounds or perform other functions.

"Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check," the researcher, former NSA analyst Charlie Miller, told Forbes in an interview.

To validate his claims, Miller posted an app, titled Instastock, that demonstrated how his own servers could be used to manipulate an iPhone. After the story went public, however, Apple reportedly pulled the app from the store.

The vulnerability is said to be related to JavaScript handling changes that were brought with the iOS 4.3 update, though Miller has yet to fully disclose specifics surrounding the code.

Miller suggests the bug "basically reduces the security of iOS to that of Android." He is preparing to provide further details surrounding the vulnerability at the SysCan conference next week in Taiwan, effectively placing a time limit on Apple to release a fix.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. facebook_Peter

    Via Facebook

    Joined: Nov 2011

    +1

    serious

    Seems that this javascript is escaping the jailed environment and get an sensitive data.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

SMS Audio Sync Sport on-ear headphones

When hitting the gym or going out for a trail run, headphones can cause a number of problems. From the ear buds getting slimy with swe ...

Adesso Xtream S3B Bluetooth speaker

Finding a speaker purpose-built for a specific need is challenging. Even when a Bluetooth speaker can be paired with a mobile device, ...

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Sponsor

toggle

Most Commented

 
toggle

Popular News