Printed from http://www.electronista.com

iOS vulnerability leaving private photos, data at risk?

updated 06:20 pm EST, Mon November 7, 2011

Researcher claims to have spotted serious flaw

A researcher from computer security firm Accuvant claims to have unearthed a significant vulnerability in Apple's iOS operating system. The flaw allegedly leaves iOS devices open to malicious apps that pass through current App Store test criteria but allow hackers to upload unapproved commands. From remote servers, attackers can then access personal data, such as photos and messages, or instruct the device to play sounds or perform other functions.

"Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check," the researcher, former NSA analyst Charlie Miller, told Forbes in an interview.

To validate his claims, Miller posted an app, titled Instastock, that demonstrated how his own servers could be used to manipulate an iPhone. After the story went public, however, Apple reportedly pulled the app from the store.

The vulnerability is said to be related to JavaScript handling changes that were brought with the iOS 4.3 update, though Miller has yet to fully disclose specifics surrounding the code.

Miller suggests the bug "basically reduces the security of iOS to that of Android." He is preparing to provide further details surrounding the vulnerability at the SysCan conference next week in Taiwan, effectively placing a time limit on Apple to release a fix.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. facebook_Peter

    Via Facebook

    Joined: Nov 2011

    +1

    serious

    Seems that this javascript is escaping the jailed environment and get an sensitive data.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

PenClic Bluetooth mouse

Windows 8 aside, computer users have been trained that a mouse is the proper way to navigate through the desktop for years. Trackballs ...

Cat B100

Cat is primarily known for its heavy-duty machinery used in the construction industry and farming, among other areas. What may not be ...

Linksys EA6900 AC Router

As 802.11ac networking begins to makes its way into more and more devices, you may find yourself considering an upgrade for your home ...

Sponsor

toggle

Most Commented

 
toggle

Popular News