Security researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an app to run arbitrary code. Apple generally approves all code that is submitted to the App Store and forbids the execution of unapproved code, but Miller discovered a way to bypass this restriction. Forbes writes:
Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year. ... The researcher soon dug up a bug that allowed him to expand that code-running exception to any application he’d like.
Beyond discovering the bug, Miller went a step further and had an app submitted to the App Store that took advantage of it. The app was approved and was able to perform as expected:
Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.
Shortly after the news broke, Apple revoked Miller's developer account, citing a breach of the developer agreement.
“This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple,” the email read. “Effective immediately.”
Miller plans to present his findings at the SyScan conference in Taiwan next week.
Meanwhile Google is handing out bounties for stuff like this. Because why would you want to get (almost) free help from industry-leading professionals? Submitting it to the App Store probably wasn't the way to go, though.
It's one thing to find a security hole and professionally inform Apple, quite another to write an app to exploit it and announce you will tell the world how to do it in a conference in a week...
Charlie is a smart guy who makes some really stupid decisions.
Professional developers disclose issues in iOS to Apple through secure channels all the time without this media madness.