Researcher Reveals Security Vulnerability in iOS; Demos It In Apple Approved App; Gets Booted From App Store
Security researcher and former National Security Agency analyst Charlie Miller has revealed that he has found a major security vulnerability in iOS that could allow malicious code to be executed on an iOS device, which an attacker could use to steal the user's photos, read contacts, make the phone vibrate, play sounds, etc.
Forbes reports:
Comments
-
At the end of the day he has found a flaw within iOS; surely Apple should be thankful for this and not be taking action against his findings by kicking him off the developer program? :S
-
So this is it, an untethered jailbreak by Apple lol :P
-
He did it the wrong way, and for a quick fifteen minutes of fame. That's all. Had he approached this differently, he'd still have a dev license.
-
So why don't we use this app to bust the iPhone wide open? If this can be used to inject Cydia into the iPhone at a very low memory level then surely the iPhone can boot as normal, assisting in an untethered jailbreak!
-
I think Apple should have hired him. He found a pretty serious flaw.
-
No, he shouldn't have been booted off. Firstly, he didn't show how the vulnerability can be done and used. He just showed the vulnerability of how it can be used. Secondly, he presented his findings to Apple after his demonstration so that the flaw can be patched. If he really wanted to he could have not mentioned it and let the application stay there; after all, it already passed Apple's quality control department, being it was available at the App Store.
-
Oh no, is this the Android copying effect?
-
The guy is an asshole. He should have held off revealing the vulnerability to the public until Apple has a reasonable chance to fix it. Of course, if Apple has not responded within a reasonable timeline, then, and only then, should he decide to go public. Not before.
-
Couldn't jailbreakers take advantage of this and make the app download jailbreak script?
-
Maybe it's a good thing and he will now develop for JB apps if he does not do it yet :-). This is always how it goes with despotic type companies. They tend to still think the harder they hit the less people will mess with their flows. Remember when the French banking cards were cracked open by a security specialist.... They tried him for discovering it instead of thanking him for saving their asses. He could have been very rich if he had used it for himself!.... Being honest..... Maybe not always. :-)
-
The thing is he released this app on the App Store where anyone can download it, so really in the process he gave himself access to other people's phones who had also downloaded his app. So the way he went about doing it was wrong. It's one thing demonstrating a security flaw giving yourself remote access to your own phone but it's another giving yourself access to any phone that has the app. He should have instead contacted Apple and reported it as a bug. Though he may not have used it to gain access to other people's phones, it was still wrong of him.
-
Not anymore, since Apple is now aware of the issue. But even before, it would only allow for a handful of people to jailbreak their phones before the app would be pulled from the App Store and the jailbreakers' developer accounts were banned.
-
What makes you think he would work for Apple? He used to work for the NSA, dude. Apple couldn't pay him enough.
-
Once an app has been signed by Apple then it can be downloaded anywhere and installed via iTunes; this discovery is big. It's a bit like jailbreakme.com: once it's out there only a firmware update can fix it, and seeing as this relates to an app, not a flaw in the firmware, I doubt, without changing the signing process and having to re-sign every app out there, I don't think this can just be fixed. He should release this app to the jailbreaking community so we can run scripts of our choosing to get Cydia back into an untethered environment!
-
Why would you want this guy making apps for you... are you an idiot? You did just see what he did, right?