Security researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an App to run arbitrary code. Apple generally approves all code that is submitted to the AppStore and forbids the execution of un-approved code, but Miller discovered a way to bypass this restriction. Forbes writes:
Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year. ... The researcher soon dug up a bug that allowed him to expand that code-running exception to any application he’d like.
Beyond discovering the bug, Miller went a step further and actually had an App submitted to the App Store which took advantage of this bug. The App was approved and was able to perform as expected:
Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.
Shortly after the news broke, Apple revoked Miller's developer account, citing a breach of the developer agreement.
“This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple,” the email read. “Effective immediately.”
Miller plans to present his findings at the SysCan conference in Taiwan next week.
Thursday September 11, 2025 4:01 am PDT by Tim Hardwick
Apple's new Live Translation feature for AirPods will be off-limits to millions of European users when it arrives next week, with strict EU regulations likely holding back its rollout.
Apple says on its feature availability webpage that "Apple Intelligence: Live Translation with AirPods" won't be available if both the user is physically in the EU and their Apple Account region is in the EU....
Tuesday September 9, 2025 12:23 pm PDT by Joe Rossignol
Apple continues to phase out the physical SIM card tray on iPhones, with the latest models relying solely on eSIM technology in more countries.
The new iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max support eSIMs only in these countries and regions, according to Apple:
Bahrain
Canada
Guam
Japan
Kuwait
Mexico
Oman
Qatar
Saudi Arabia
United Arab Emirates
Un...
Friday September 12, 2025 6:11 am PDT by Joe Rossignol
iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air pre-orders began at 5 a.m. Pacific Time in the U.S. and many other countries today. If you have yet to place a pre-order, you might face a longer wait now, depending on your desired configuration.
As of shortly after 6 a.m. Pacific Time today, nearly all iPhone 17 Pro Max configurations on Apple's online store in the U.S. are facing ...
Wednesday September 10, 2025 12:30 am PDT by Joe Rossignol
Apple held its annual iPhone event on Tuesday, September 9, to unveil the iPhone 17, ultra-thin iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max.
All of the new iPhone models will be available to pre-order starting Friday, September 12 at 5 a.m. Pacific Time / 8 a.m. Eastern Time in the U.S. and dozens of other countries, according to Apple. The release date for the devices is one week...
Wednesday September 10, 2025 8:33 am PDT by Joe Rossignol
While the iPhone 18 Pro and iPhone 18 Pro Max are still a year away, there are already a few rumors about the devices that offer an early look ahead.
If you are skipping the iPhone 17 Pro and want to know about what to expect from the iPhone 18 Pro models, we have recapped a few of the key rumors below.
Under-Screen Face ID
In April 2023, display industry analyst Ross Young shared a...
Tuesday September 9, 2025 10:59 am PDT by Joe Rossignol
Apple today introduced the iPhone 17 Pro and iPhone 17 Pro Max.
Both devices feature a new aluminum unibody design, with the Ceramic Shield now protecting both the front and back sides. Apple says the front side is now Ceramic Shield 2, which offers 3x better scratch resistance, while the rear Ceramic Shield is advertised as 4x more resistant to cracks compared to the back glass on previous...
Wednesday September 10, 2025 3:53 pm PDT by Juli Clover
With the iPhone 17 Pro and 17 Pro Max, Apple introduced a new design for the rear of the device. Instead of a camera bump, we now have a camera plateau that spans almost the entire back of the iPhone. The camera plateau houses an upgraded camera system that includes a revamped Telephoto lens.
All three of the iPhone 17 Pro and Pro Max cameras are 48 megapixels, and there are five zoom...
Tuesday September 9, 2025 1:25 pm PDT by Joe Rossignol
Apple has confirmed the battery capacities for the iPhone 17, iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max models that were announced earlier today.
Apple is required to publish energy labels on its iPhone product pages in the EU, and they reveal the official mAh battery capacities for the devices.
Here are the battery capacities for each model, according to Apple:
iPhone 17:...
Meanwhile Google is handing out bounties for stuff like this. Because why would you want to get (almost) free help from industry-leading professionals? Submitting it to the App Store probably wasn't the way to go, though.
It's one thing to find a security hole and professionally inform Apple, quite another to write an app to exploit it and announce you will tell the works how to do it in a conference in a week...
Charlie is a smart guy who makes some really stupid decisions.
Professional developers disclose issues in iOS to Apple through secure channels all the time without this media madness.
Biggest design overhaul since iOS 7 with Liquid Glass, plus new Apple Intelligence features and improvements to Messages, Phone, Safari, Shortcuts, and more.
Security researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an App to run arbitrary code. Apple generally approves all code that is submitted to the AppStore and forbids the execution of un-approved code, but Miller discovered a way to bypass this restriction. Forbes writes:
