Security Researcher Reveals iOS Security Flaw, Gets Developer License Revoked
Security researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an App to run arbitrary code. Apple generally approves all code that is submitted to the AppStore and forbids the execution of un-approved code, but Miller discovered a way to bypass this restriction. Forbes writes:
Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year.
The researcher soon dug up a bug that allowed him to expand that code-running exception to any application he’d like.
Beyond discovering the bug, Miller went a step further and actually had an App submitted to the App Store which took advantage of this bug. The App was approved and was able to perform as expected:
Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.
Shortly after the news broke, Apple revoked Miller's developer account, citing a breach of the developer agreement.
“This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple,” the email read. “Effective immediately.”
Miller plans to present his findings at the SysCan conference in Taiwan next week.
Apple is aiming to hold its first fall event on Wednesday, September 7, reports Bloomberg's Mark Gurman. The event will focus on the iPhone 14 models and the Apple Watch Series 8.
The standard iPhone 14 models are expected to get few changes, but the iPhone 14 Pro models will include updated camera technology, the removal of the notch in favor of a pill-shaped and hole-punch cutout, an A16...
Apple today released iOS and iPadOS 15.6.1, minor updates to the iOS and iPadOS 15 operating systems initially released in September 2021. iOS 15.6.1 and iPadOS 15.6.1 come a month after Apple released iOS 15.6 and iPadOS 15.6 with new Live Sports features and bug fixes.
The iOS 15.6.1 and iPadOS 15.6.1 updates can be downloaded for free and the software is available on all eligible devices...
Apple's rumored 10th-generation iPad is currently in production and will feature "major" design changes, according to a report from Taiwanese website DigiTimes.
A mockup of the potential 10th-generation iPad design by Renders By Shailesh The report did not provide any specific details about the 10th-generation iPad's new design, but rumors suggest the device will feature a larger 10.5-inch...
Apple's second-generation AirPods Pro are finally nearing launch, with a release expected later this year. If you are considering upgrading to the new AirPods Pro once they are released, keep reading for a list of five new features to expect.
In addition to all-new features, the second-generation AirPods Pro will likely adopt some features added to the standard AirPods last year.
It's crazy to think about, but next month will mark five years since Apple announced the Apple Watch Series 3. Despite being a severely antiquated smartwatch, the Series 3 has remained at the bottom of Apple's lineup for $199.
Suppose you're still holding on to your Apple Watch Series 3. In that case, this article will list all the major new features and changes you'll get if you decide to...
Apple today seeded the sixth betas of upcoming iOS 16 and iPadOS 16 updates to developers for testing purposes, with the updates coming a week after Apple released the fifth developer betas.
Registered developers can download the iOS and iPadOS 16 profiles from the Apple Developer Center, and once installed, the betas will be available over the air.
iOS 16 introduces a revamped Lock...