Security Researcher Reveals iOS Security Flaw, Gets Developer License Revoked

charliemillerSecurity researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an App to run arbitrary code. Apple generally approves all code that is submitted to the AppStore and forbids the execution of un-approved code, but Miller discovered a way to bypass this restriction. Forbes writes:

Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year.
...
The researcher soon dug up a bug that allowed him to expand that code-running exception to any application he’d like.

Beyond discovering the bug, Miller went a step further and actually had an App submitted to the App Store which took advantage of this bug. The App was approved and was able to perform as expected:

Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.

Shortly after the news broke, Apple revoked Miller's developer account, citing a breach of the developer agreement.

“This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple,” the email read. “Effective immediately.”

Miller plans to present his findings at the SysCan conference in Taiwan next week.

Popular Stories

iphone 16 pro ghost hand

5 Reasons to Skip This Year's iPhone 17 Pro

Thursday July 10, 2025 4:54 am PDT by
Apple will launch its new iPhone 17 series in two months, and the iPhone 17 Pro models are expected to get a new design for the rear casing and the camera area. But more significant changes to the lineup are not expected until next year, when the iPhone 18 models arrive. If you're thinking of trading in your iPhone for this year's latest, consider the following features rumored to be coming...
apple wallet drivers license feature iPhone 15 pro

Apple Says iPhone Driver's Licenses Will Expand to These 8 U.S. States

Tuesday July 8, 2025 11:26 am PDT by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Unfortunately, this feature continues to roll out very slowly since it was announced in 2021, with only nine U.S. states, Puerto Rico,...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro to Reverse iPhone X Design Decision

Monday July 7, 2025 9:46 am PDT by
Since the iPhone X in 2017, all of Apple's highest-end iPhone models have featured either stainless steel or titanium frames, but it has now been rumored that this design decision will be coming to an end with the iPhone 17 Pro models later this year. In a post on Chinese social media platform Weibo today, the account Instant Digital said that the iPhone 17 Pro models will have an aluminum...
iPhone 17 Pro in Hand Feature Lowgo

Leaker Reveals Amount of RAM in iPhone 17 Through iPhone 17 Pro Max

Wednesday July 9, 2025 8:08 am PDT by
Three out of four iPhone 17 models will feature more RAM than the equivalent iPhone 16 models, according to a new leak that aligns with previous rumors. The all-new iPhone 17 Air, the iPhone 17 Pro, and the iPhone 17 Pro Max will each be equipped with 12GB of RAM, according to Fixed Focus Digital, an account with more than two million followers on Chinese social media platform Weibo. The...
apple account card feature

Apple Account Card Expanding to More Countries

Tuesday July 8, 2025 7:34 pm PDT by
Apple is expanding the ability to add an Apple Account Card to the Wallet app to more countries, according to backend Apple Pay changes. With iOS 15.5, Apple updated the Wallet app to allow users to add an Apple Account Card, which displays the Apple credit balance associated with an Apple ID. If you receive an Apple gift card, for example, it is added to an Apple Account that is also...
macbook pro blue green

M5 MacBook Pro No Longer Coming in 2025

Thursday July 10, 2025 12:38 pm PDT by
Apple does not plan to refresh any Macs with updated M5 chips in 2025, according to Bloomberg's Mark Gurman. Updated MacBook Air and MacBook Pro models are now planned for the first half of 2026. Gurman previously said that Apple would debut the M5 MacBook Pro models in late 2025, but his newest report suggests that Apple is "considering" pushing them back to 2026. Apple is now said to be...
iOS 26 Feature

Everything New in iOS 26 Beta 3

Monday July 7, 2025 1:20 pm PDT by
Apple is continuing to refine and update iOS 26, and beta three features smaller changes than we saw in beta 2, plus further tweaks to the Liquid Glass design. Apple is gearing up for the next phase of beta testing, and the company has promised that a public beta is set to come out in July. Transparency In some apps like Apple Music, Podcasts, and the App Store, Apple has toned down the...
iCloud General Feature Redux

iPhone Users Who Pay for iCloud Storage Receive These Five Perks

Wednesday July 9, 2025 9:20 am PDT by
If you pay for iCloud storage on your iPhone, did you know that Apple offers you five perks beyond the extra storage space, at no additional cost? Here are the perks included with all iCloud+ plans:Private Relay keeps your Safari browsing history entirely private from network providers, websites, and even Apple. Hide My Email generates unique, random email addresses whenever needed. Hom...

Top Rated Comments

Fazzy Avatar
179 months ago
I guess he should have told apple about it instead of submitting that app
Score: 61 Votes (Like | Disagree)
miles01110 Avatar
179 months ago
Meanwhile Google is handing out bounties for stuff like this. Because why would you want to get (almost) free help from industry-leading professionals? Submitting it to the App Store probably wasn't the way to go, though.
Score: 43 Votes (Like | Disagree)
thewitt Avatar
179 months ago
It's one thing to find a security hole and professionally inform Apple, quite another to write an app to exploit it and announce you will tell the works how to do it in a conference in a week...

Charlie is a smart guy who makes some really stupid decisions.

Professional developers disclose issues in iOS to Apple through secure channels all the time without this media madness.
Score: 33 Votes (Like | Disagree)
ChazUK Avatar
179 months ago
https://twitter.com/#!/0xcharlie/status/133739410662494208

For the record, without a real app in the AppStore, people would say Apple wouldn't approve an app that took advantage of this flaw.

That pretty much explains why he submitted the app for approval.

I have no doubt that many would have said this wouldn't have got through if he simply revealed the flaw without submitting an app.
Score: 23 Votes (Like | Disagree)
iJanne Avatar
179 months ago
If you read the source article, the guy reported the bug to Apple a month ago.

----------

This makes Apple look pretty bad. And if he had submitted the bug what are the chances Apple would have responded in a timely manner if at all?

He submitted the bug to Apple on Oct 17 according to the source article.
Score: 22 Votes (Like | Disagree)
applebook Avatar
179 months ago
I wasn't aware that Google rewarded people for exploiting their security flaws without their consent. :rolleyes:

No company or person likes to be exploited. Miller should have revealed the findings instead of trying to take advantage of the flaw.
Score: 22 Votes (Like | Disagree)