Printed from http://www.electronista.com

iOS vulnerability leaving private photos, data at risk?

updated 06:20 pm EST, Mon November 7, 2011

Researcher claims to have spotted serious flaw

A researcher from computer security firm Accuvant claims to have unearthed a significant vulnerability in Apple's iOS operating system. The flaw allegedly leaves iOS devices open to malicious apps that pass through current App Store test criteria but allow hackers to upload unapproved commands. From remote servers, attackers can then access personal data, such as photos and messages, or instruct the device to play sounds or perform other functions.

"Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check," the researcher, former NSA analyst Charlie Miller, told Forbes in an interview.

To validate his claims, Miller posted an app, titled Instastock, that demonstrated how his own servers could be used to manipulate an iPhone. After the story went public, however, Apple reportedly pulled the app from the store.

The vulnerability is said to be related to JavaScript handling changes that were brought with the iOS 4.3 update, though Miller has yet to fully disclose specifics surrounding the code.

Miller suggests the bug "basically reduces the security of iOS to that of Android." He is preparing to provide further details surrounding the vulnerability at the SysCan conference next week in Taiwan, effectively placing a time limit on Apple to release a fix.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. facebook_Peter

    Via Facebook

    Joined: Nov 2011

    +1

    serious

    Seems that this javascript is escaping the jailed environment and get an sensitive data.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News