Security researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an App to run arbitrary code. Apple generally approves all code that is submitted to the AppStore and forbids the execution of un-approved code, but Miller discovered a way to bypass this restriction. Forbes writes:
Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year. ... The researcher soon dug up a bug that allowed him to expand that code-running exception to any application he’d like.
Beyond discovering the bug, Miller went a step further and actually had an App submitted to the App Store which took advantage of this bug. The App was approved and was able to perform as expected:
Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.
Shortly after the news broke, Apple revoked Miller's developer account, citing a breach of the developer agreement.
“This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple,” the email read. “Effective immediately.”
Miller plans to present his findings at the SysCan conference in Taiwan next week.
Apple is planning some of the "biggest iOS and macOS redesigns in its history," according to Bloomberg's Mark Gurman.
In his Power On newsletter today, Gurman reiterated that iOS 19 will have a visionOS-like design with more transparent interfaces:The new interfaces will adopt the design principles introduced in visionOS, the software for Apple's Vision Pro headset. That includes greater...
If you've been following iPhone rumors over the last few years, you may remember reading reports that Apple flirted with the idea of introducing a super high-end "Ultra" model that would either replace its Pro Max device or sit above it in Apple's smartphone hirearchy. These reports appeared in the pre-launch iPhone 15 and iPhone 16 rumor cycles, but ultimately came to nothing. Now though, the...
In an investor research note today with British bank Barclays, analyst Tim Long said Apple's first foldable iPhone could have a starting price in the $2,300 range in the United States, which would make it by far the most expensive iPhone model ever.
If the first foldable iPhone starts at $2,299, that means it would cost nearly twice as much as the iPhone 16 Pro Max, which starts at $1,199.
...
Apple prototyped a larger ultra-slim iPhone 17 Air with a 6.9-inch display, but ultimately decided not to go ahead with the device because of fears that it could be susceptible to bending, according to a new report.
Bloomberg reporter Mark Gurman, writing in his latest Power On newsletter:
When it first started work on the phone, it prototyped a device with a 6.9-inch screen — matching...
While the iPhone 18 Pro models are still around a year and a half away from launching, there are already some early rumors about the devices.
Below, we recap some key iPhone 18 Pro rumors so far.
Under-Screen Face ID
In April 2023, display industry analyst Ross Young shared a roadmap showing that iPhone 17 Pro models would feature under-display Face ID. In May 2024, however, Young said ...
The iOS 18.3.2 update that Apple released last week appears to have broken iCloud Mail for some users. There are multiple complaints on Reddit and the MacRumors forums from users who say that iCloud Mail is not able to push new iCloud emails to their iPhones after the iOS 18.3.2 update.
Affected users say that despite having the correct settings enabled, new iCloud emails are not showing up...
All four iPhone 17 models launching later this year will feature an upgraded 24-megapixel front-facing camera, according to analyst Jeff Pu.
In a research note today with investment firm GF Securities, Pu shared a chart in which he reiterated that the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max will each be equipped with a 24-megapixel front camera. By comparison, all four ...
Bloomberg's Mark Gurman today shared some new details about the rumored iPhone 17 Air.
In his Power On newsletter, Gurman said he was told that the device may start at roughly $899 in the U.S., which means that it would occupy the same price point as the iPhone 16 Plus. This would make sense, as it has been widely rumored that the Air model will take over the Plus model's spot in the iPhone...
Meanwhile Google is handing out bounties for stuff like this. Because why would you want to get (almost) free help from industry-leading professionals? Submitting it to the App Store probably wasn't the way to go, though.
It's one thing to find a security hole and professionally inform Apple, quite another to write an app to exploit it and announce you will tell the works how to do it in a conference in a week...
Charlie is a smart guy who makes some really stupid decisions.
Professional developers disclose issues in iOS to Apple through secure channels all the time without this media madness.
Security researcher Charlie Miller revealed earlier today that he had found an exploit in Apple's iOS software that allows an App to run arbitrary code. Apple generally approves all code that is submitted to the AppStore and forbids the execution of un-approved code, but Miller discovered a way to bypass this restriction. Forbes writes:
