Researcher claims to have spotted serious flaw

A researcher from computer security firm Accuvant claims to have unearthed a significant vulnerability in Apple's iOS operating system. The flaw allegedly leaves iOS devices open to malicious apps that pass through current App Store test criteria but allow hackers to upload unapproved commands. From remote servers, attackers can then access personal data, such as photos and messages, or instruct the device to play sounds or perform other functions.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” the researcher, former NSA analyst Charlie Miller, told Forbes in an interview.

To validate his claims, Miller posted an app, titled Instastock, that demonstrated how his own servers could be used to manipulate an iPhone. After the story went public, however, Apple reportedly pulled the app from the store.

The vulnerability is said to be related to JavaScript handling changes that were brought with the iOS 4.3 update, though Miller has yet to fully disclose specifics surrounding the code.

Miller suggests the bug "basically reduces the security of iOS to that of Android." He is preparing to provide further details surrounding the vulnerability at the SysCan conference next week in Taiwan, effectively placing a time limit on Apple to release a fix.

By Electronista Staff