Hacker Runs Unsigned Code on iOS Thanks To Security Vulnerability

Apple, as you know, has always been very proud of the way the iPhone handles security, but a hacker has found a major iPhone security vulnerability that allows unsigned code to run on iOS.
Forbes has reported that security researcher Charlie Miller has released a video that shows one of Apple’s iPhones executing unsigned code. In simple terms, he has made the iPhone do things that Apple never authorized. What Miller did was make a simple stock checker app that he got approved for the App Store. Running this app in the normal way doesn’t do anything that it shouldn’t, but when Miller activates something on a server the app accesses, he gets access to the iPhone remotely and is able to launch apps, make the iPhone vibrate, browse the iPhone’s file system and even download the contents of the address book. This type of flaw could create a lot of nightmares for people.

Apple has since removed the app from the App Store, and Miller has not released information on how this hack works. He is giving Apple the chance to plug the hole in iOS 5.0.1. He did, however, state that the flaw is part of Nitro, a JavaScript engine added in iOS 4.3.

This information in the wrong hands could mean that malicious users could get an app through Apple’s review process and then systematically steal data from people’s iPhones worldwide. Apple is working hard on its iOS 5.0.1 release, where it is hoping to solve the current battery issues, and we are sure it will be working on this security issue too. Charlie Miller has released a video showing what he was able to achieve, so if you want to know exactly what this security vulnerability could mean, take a look below.
