Security Researcher Reveals iOS Security Flaw, Gets Developer License Revoked

charliemillerSecurity researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an App to run arbitrary code. Apple generally approves all code that is submitted to the AppStore and forbids the execution of un-approved code, but Miller discovered a way to bypass this restriction. Forbes writes:

Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year.
...
The researcher soon dug up a bug that allowed him to expand that code-running exception to any application he’d like.

Beyond discovering the bug, Miller went a step further and actually had an App submitted to the App Store which took advantage of this bug. The App was approved and was able to perform as expected:

Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.

Shortly after the news broke, Apple revoked Miller's developer account, citing a breach of the developer agreement.

“This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple,” the email read. “Effective immediately.”

Miller plans to present his findings at the SysCan conference in Taiwan next week.

Popular Stories

iphone 16 pro models 1

Here's How the iPhone 17 Pro Max Will Compare to the iPhone 17 Pro

Saturday July 5, 2025 1:00 pm PDT by
Apple should unveil the iPhone 17 series in September, and there might be one bigger difference between the Pro and Pro Max models this year. As always, the Pro Max model will be larger than the Pro model:iPhone 17 Pro: 6.3-inch display iPhone 17 Pro Max: 6.9-inch displayGiven the Pro Max is physically larger than the Pro, it has more internal space, allowing for a larger battery and...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro to Reverse iPhone X Design Decision

Monday July 7, 2025 9:46 am PDT by
Since the iPhone X in 2017, all of Apple's highest-end iPhone models have featured either stainless steel or titanium frames, but it has now been rumored that this design decision will be coming to an end with the iPhone 17 Pro models later this year. In a post on Chinese social media platform Weibo today, the account Instant Digital said that the iPhone 17 Pro models will have an aluminum...
imac video apple feature

Apple Launching These 15+ Products Later This Year

Sunday July 6, 2025 8:05 am PDT by
The calendar has turned to July, meaning that 2025 is now more than half over. And while the summer months are often quiet for Apple, the company still has more than a dozen products coming later this year, according to rumors. Below, we have outlined at least 15 new Apple products that are expected to launch later this year, along with key rumored features for each. iPhone 17 Series iPho...
iOS 26 Feature

Everything New in iOS 26 Beta 3

Monday July 7, 2025 1:20 pm PDT by
Apple is continuing to refine and update iOS 26, and beta three features smaller changes than we saw in beta 2, plus further tweaks to the Liquid Glass design. Apple is gearing up for the next phase of beta testing, and the company has promised that a public beta is set to come out in July. Transparency In some apps like Apple Music, Podcasts, and the App Store, Apple has toned down the...
iPhone Car Key Kia

Here's Which Vehicles Offer iPhone Car Keys

Sunday July 6, 2025 3:03 pm PDT by
In 2020, Apple added a digital car key feature to its Wallet app, allowing users to lock, unlock, and start a compatible vehicle with an iPhone or Apple Watch. The feature is currently offered by select automakers, including Audi, BMW, Hyundai, Kia, Genesis, Mercedes-Benz, Volvo, and a handful of others, and it is set to expand further. Apple has a web page with a list of vehicle models that ...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 14 New Features

Friday July 4, 2025 1:05 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are just over two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:Apple logo repositioned: Apple's logo may have a lower position on the back of the iPhone 17 Pro models, compared to previous...
iphone 17 pro render majin bu

New iPhone 17 Pro Renders Highlight Apple Logo and MagSafe Design Changes

Sunday July 6, 2025 8:43 pm PDT by
New renders today provide the best look yet relocated Apple logo and redesigned MagSafe magnet array of the iPhone 17 Pro and iPhone 17 Pro Max. Image via Majin Bu. Several of the design changes coming to the iPhone 17 Pro model have been rumored for some time, such as the elongated camera bump that spans the full width of the device, with the LiDAR Scanner and flash moving to the right side. ...
iPhone 14 Pro Dynamic Island

iPhone 17 Models Rumored to Feature Redesigned Dynamic Island

Monday July 7, 2025 7:38 am PDT by
iPhone 17 models will feature a redesigned Dynamic Island user interface, according to a post today from Digital Chat Station, an account with more than three million followers on Chinese social media platform Weibo. The account has accurately leaked some information regarding future Apple products in the past. The account did not share any specific details about the alleged changes that are ...
Prime Day 25 Feature Warm Triad

The Best Prime Day Deals on AirPods, iPads, MacBooks, and More

Monday July 7, 2025 10:55 am PDT by
Amazon is back with its annual summertime Prime Day event, lasting for four days from July 8-11, the longest Prime Day yet. As it does every year, Prime Day offers shoppers a huge selection of deals across Amazon's storefront. With the event now underway, we're tracking numerous all-time low prices on Apple gear right now. Note: MacRumors is an affiliate partner with Amazon. When you click a...

Top Rated Comments

Fazzy Avatar
178 months ago
I guess he should have told apple about it instead of submitting that app
Score: 61 Votes (Like | Disagree)
miles01110 Avatar
178 months ago
Meanwhile Google is handing out bounties for stuff like this. Because why would you want to get (almost) free help from industry-leading professionals? Submitting it to the App Store probably wasn't the way to go, though.
Score: 43 Votes (Like | Disagree)
thewitt Avatar
178 months ago
It's one thing to find a security hole and professionally inform Apple, quite another to write an app to exploit it and announce you will tell the works how to do it in a conference in a week...

Charlie is a smart guy who makes some really stupid decisions.

Professional developers disclose issues in iOS to Apple through secure channels all the time without this media madness.
Score: 33 Votes (Like | Disagree)
ChazUK Avatar
178 months ago
https://twitter.com/#!/0xcharlie/status/133739410662494208

For the record, without a real app in the AppStore, people would say Apple wouldn't approve an app that took advantage of this flaw.

That pretty much explains why he submitted the app for approval.

I have no doubt that many would have said this wouldn't have got through if he simply revealed the flaw without submitting an app.
Score: 23 Votes (Like | Disagree)
iJanne Avatar
178 months ago
If you read the source article, the guy reported the bug to Apple a month ago.

----------

This makes Apple look pretty bad. And if he had submitted the bug what are the chances Apple would have responded in a timely manner if at all?

He submitted the bug to Apple on Oct 17 according to the source article.
Score: 22 Votes (Like | Disagree)
applebook Avatar
178 months ago
I wasn't aware that Google rewarded people for exploiting their security flaws without their consent. :rolleyes:

No company or person likes to be exploited. Miller should have revealed the findings instead of trying to take advantage of the flaw.
Score: 22 Votes (Like | Disagree)