Printed from http://www.electronista.com

iOS vulnerability leaving private photos, data at risk?

updated 06:20 pm EST, Mon November 7, 2011

Researcher claims to have spotted serious flaw

A researcher from computer security firm Accuvant claims to have unearthed a significant vulnerability in Apple's iOS operating system. The flaw allegedly leaves iOS devices open to malicious apps that pass through current App Store test criteria but allow hackers to upload unapproved commands. From remote servers, attackers can then access personal data, such as photos and messages, or instruct the device to play sounds or perform other functions.

"Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check," the researcher, former NSA analyst Charlie Miller, told Forbes in an interview.

To validate his claims, Miller posted an app, titled Instastock, that demonstrated how his own servers could be used to manipulate an iPhone. After the story went public, however, Apple reportedly pulled the app from the store.

The vulnerability is said to be related to JavaScript handling changes that were brought with the iOS 4.3 update, though Miller has yet to fully disclose specifics surrounding the code.

Miller suggests the bug "basically reduces the security of iOS to that of Android." He is preparing to provide further details surrounding the vulnerability at the SysCan conference next week in Taiwan, effectively placing a time limit on Apple to release a fix.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. facebook_Peter

    Via Facebook

    Joined: Nov 2011

    +1

    serious

    Seems that this javascript is escaping the jailed environment and get an sensitive data.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Epson PowerLite Home Cinema 2030 projector

With high-definition televisions now the standard, 4K televisions becoming the next big thing, and plasma TVs going the way of the din ...

Life n Soul 8 Driver Bluetooth headphones

When it comes to music on the go, consumers generally have some options to consider when looking for the best experience. While Blueto ...

Tesoro Tizona G2N Elite gaming keyboard

The market for gaming keyboards is getting crowded, starting off with some fairly simple keyboards and diverging into the land of modu ...

Sponsor

toggle

Most Commented

 
toggle

Popular News