Security Researcher Reveals iOS Security Flaw, Gets Developer License Revoked

charliemillerSecurity researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an App to run arbitrary code. Apple generally approves all code that is submitted to the AppStore and forbids the execution of un-approved code, but Miller discovered a way to bypass this restriction. Forbes writes:

Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year.
...
The researcher soon dug up a bug that allowed him to expand that code-running exception to any application he’d like.

Beyond discovering the bug, Miller went a step further and actually had an App submitted to the App Store which took advantage of this bug. The App was approved and was able to perform as expected:

Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.

Shortly after the news broke, Apple revoked Miller's developer account, citing a breach of the developer agreement.

“This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple,” the email read. “Effective immediately.”

Miller plans to present his findings at the SysCan conference in Taiwan next week.

Top Rated Comments

Fazzy Avatar
162 months ago
I guess he should have told apple about it instead of submitting that app
Score: 61 Votes (Like | Disagree)
miles01110 Avatar
162 months ago
Meanwhile Google is handing out bounties for stuff like this. Because why would you want to get (almost) free help from industry-leading professionals? Submitting it to the App Store probably wasn't the way to go, though.
Score: 43 Votes (Like | Disagree)
thewitt Avatar
162 months ago
It's one thing to find a security hole and professionally inform Apple, quite another to write an app to exploit it and announce you will tell the works how to do it in a conference in a week...

Charlie is a smart guy who makes some really stupid decisions.

Professional developers disclose issues in iOS to Apple through secure channels all the time without this media madness.
Score: 33 Votes (Like | Disagree)
ChazUK Avatar
162 months ago
https://twitter.com/#!/0xcharlie/status/133739410662494208

For the record, without a real app in the AppStore, people would say Apple wouldn't approve an app that took advantage of this flaw.

That pretty much explains why he submitted the app for approval.

I have no doubt that many would have said this wouldn't have got through if he simply revealed the flaw without submitting an app.
Score: 23 Votes (Like | Disagree)
iJanne Avatar
162 months ago
If you read the source article, the guy reported the bug to Apple a month ago.

----------

This makes Apple look pretty bad. And if he had submitted the bug what are the chances Apple would have responded in a timely manner if at all?

He submitted the bug to Apple on Oct 17 according to the source article.
Score: 22 Votes (Like | Disagree)
applebook Avatar
162 months ago
I wasn't aware that Google rewarded people for exploiting their security flaws without their consent. :rolleyes:

No company or person likes to be exploited. Miller should have revealed the findings instead of trying to take advantage of the flaw.
Score: 22 Votes (Like | Disagree)

Popular Stories

iOS 18 Siri Integrated Feature

iOS 18 Will Add These New Features to Your iPhone

Friday April 12, 2024 11:11 am PDT by
iOS 18 is expected to be the "biggest" update in the iPhone's history. Below, we recap rumored features and changes for the iPhone. iOS 18 is rumored to include new generative AI features for Siri and many apps, and Apple plans to add RCS support to the Messages app for an improved texting experience between iPhones and Android devices. The update is also expected to introduce a more...
Delta Feature

Delta Game Emulator Now Available From App Store on iPhone

Wednesday April 17, 2024 9:58 am PDT by
Game emulator apps have come and gone since Apple announced App Store support for them on April 5, but now popular game emulator Delta from developer Riley Testut is available for download. Testut is known as the developer behind GBA4iOS, an open-source emulator that was available for a brief time more than a decade ago. GBA4iOS led to Delta, an emulator that has been available outside of...
iOS NES Emulator Bimmy Feature

NES Emulator for iPhone and iPad Now Available on App Store [Removed]

Tuesday April 16, 2024 11:33 am PDT by
The first approved Nintendo Entertainment System (NES) emulator for the iPhone and iPad was made available on the App Store today following Apple's rule change. The emulator is called Bimmy, and it was developed by Tom Salvo. On the App Store, Bimmy is described as a tool for testing and playing public domain/"homebrew" games created for the NES, but the app allows you to load ROMs for any...
iGBA Feature

Apple Removes Game Boy Emulator iGBA From App Store Due to Spam and Copyright Violations

Sunday April 14, 2024 9:22 pm PDT by
Apple today said it removed Game Boy emulator iGBA from the App Store for violating the company's App Review Guidelines related to spam (section 4.3) and copyright (section 5.2), but it did not provide any specific details. iGBA was a copycat version of developer Riley Testut's open-source GBA4iOS app. The emulator rose to the top of the App Store charts following its release this weekend,...
iPhone 15 Pro Action Button Translate

All iPhone 16 Models to Feature Action Button, But Usefulness Debated

Tuesday April 16, 2024 6:54 am PDT by
Last September, Apple's iPhone 15 Pro models debuted with a new customizable Action button, offering faster access to a handful of functions, as well as the ability to assign Shortcuts. Apple is poised to include the feature on all upcoming iPhone 16 models, so we asked iPhone 15 Pro users what their experience has been with the additional button so far. The Action button replaces the switch ...
iGBA Feature

Game Boy Emulator for iPhone Now Available in App Store Following Rule Change [Removed]

Sunday April 14, 2024 8:06 am PDT by
A week after Apple updated its App Review Guidelines to permit retro game console emulators, a Game Boy emulator for the iPhone called iGBA has appeared in the App Store worldwide. The emulator is already one of the top free apps on the App Store charts. It was not entirely clear if Apple would allow emulators to work with all and any games, but iGBA is able to load any Game Boy ROMs that...