Security researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an App to run arbitrary code. Apple generally approves all code that is submitted to the AppStore and forbids the execution of un-approved code, but Miller discovered a way to bypass this restriction. Forbes writes:
Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year. ... The researcher soon dug up a bug that allowed him to expand that code-running exception to any application he’d like.
Beyond discovering the bug, Miller went a step further and actually had an App submitted to the App Store which took advantage of this bug. The App was approved and was able to perform as expected:
Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.
Shortly after the news broke, Apple revoked Miller's developer account, citing a breach of the developer agreement.
“This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple,” the email read. “Effective immediately.”
Miller plans to present his findings at the SysCan conference in Taiwan next week.
Bloomberg's Mark Gurman has high expectations for Apple's first foldable iPhone.
In his Power On newsletter today, he said the foldable iPhone will be "the most significant overhaul in the iPhone's history."
"iPhone 4, iPhone 6 and iPhone X were clearly a big deal, but this is a whole new design," he said.
Like Samsung's Galaxy Z Fold 7, the foldable iPhone will reportedly open up like ...
March has been an incredibly busy month for Apple, with the company unveiling more than 10 new products and accessories. We said hello to the MacBook Neo at the start of the month, and we bid farewell to the Mac Pro at the end of it.
Nevertheless, there is still a lot more to come this year.
Beyond the usual annual updates to iPhones and Apple Watches, Apple's all-new smart home hub is...
Saturday March 28, 2026 8:00 am PDT by Joe Rossignol
Apple is expected to release two new iPhone apps this year, including an Apple Business app and a Siri app with chatbot-like functionality.
With the Apple Business app, employees at businesses using the new Apple Business platform will be able to install apps for work, view contact information for colleagues, and request support. Apple Business is launching on April 14, and it replaces Apple ...
Bloomberg's Mark Gurman has high expectations for Apple's first foldable iPhone.
In his Power On newsletter today, he said the foldable iPhone will be "the most significant overhaul in the iPhone's history."
"iPhone 4, iPhone 6 and iPhone X were clearly a big deal, but this is a whole new design," he said.
Like Samsung's Galaxy Z Fold 7, the foldable iPhone will reportedly open up like ...
March has been an incredibly busy month for Apple, with the company unveiling more than 10 new products and accessories. We said hello to the MacBook Neo at the start of the month, and we bid farewell to the Mac Pro at the end of it.
Nevertheless, there is still a lot more to come this year.
Beyond the usual annual updates to iPhones and Apple Watches, Apple's all-new smart home hub is...
Saturday March 28, 2026 8:00 am PDT by Joe Rossignol
Apple is expected to release two new iPhone apps this year, including an Apple Business app and a Siri app with chatbot-like functionality.
With the Apple Business app, employees at businesses using the new Apple Business platform will be able to install apps for work, view contact information for colleagues, and request support. Apple Business is launching on April 14, and it replaces Apple ...
Meanwhile Google is handing out bounties for stuff like this. Because why would you want to get (almost) free help from industry-leading professionals? Submitting it to the App Store probably wasn't the way to go, though.
It's one thing to find a security hole and professionally inform Apple, quite another to write an app to exploit it and announce you will tell the works how to do it in a conference in a week...
Charlie is a smart guy who makes some really stupid decisions.
Professional developers disclose issues in iOS to Apple through secure channels all the time without this media madness.
Security researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an App to run arbitrary code. Apple generally approves all code that is submitted to the AppStore and forbids the execution of un-approved code, but Miller discovered a way to bypass this restriction. Forbes writes:
