A multisource video news service that highlights nuances in reporting from media outlets around the world.

 

(Image: Cult of Mac / Forbes)
 

BY JIM FLINK

 

Don’t bite into Apple the wrong way. It just might bite you back. That’s the lesson Charlie Miller learned when he recently discovered, and publicly shared, how to get malware past Apple’s app development team. Gizmodo reports...

 

“Charlie Miller exposed a threat to the security of iOS devices by creating an app that could exploit a javascript exception in mobile Safari. The exception allowed the download of malicious code after an app has already been accepted into the App Store.”

 

Now, it’s one thing to do it yourself. It’s a whole ‘nuther thing to share it on YouTube. Here’s Charlie.

 

CHARLIE MILLER: “What I’ve found allows apps in the app store to download new code and run it, even if it’s not signed, and even if it hasn’t been checked by Apple.  So you can imagine downloading a nice app like Angry Birds, but instead of just being Angry Birds, it actually can download and do anything it wants”

 

Shortly after posting that video, and Forbes picking up the report, Charlie got a rude surprise. Tweeting...

 

“OMG, Apple just kicked me out of the iOS Developer program. That's so rude!”

 

Not sure what Charlie expected to get from Apple.  A bouquet and a thank you card? Cult of Mac says, while Charlie didn’t actually plant malware, he planted a seed of an idea by showing how to do so on such a public forum.

 

“Miller has been hacking Apple’s products for years, and this most recent bug is a particularly nefarious exploit that could be used for all kinds of evil purposes. Charlie Miller is one of the good guys, however. ... As a respected security researcher with a track record of exploiting Apple’s products, one could argue that Miller could have reported the exploit to Apple directly instead of planting a malicious app in the App Store.”

 

Cult of Mac also notes, because Apple is viewed as so malware-proof, this is a big chink in Apple’s seemingly otherwise spotless armour and image. But Daring Fireball notes, it warned of exactly this kind of breach in April. Noting, it kind of goes with the territory.

 

“It’s a trade-off. Most OSes allow marking memory pages as executable for performance reasons. iOS disallows it for security reasons. If you allow for pages of memory to be escalated from writable to executable (even if you require the page be made permanently read-only first), then you are enabling the execution of unsigned native code. It breaks the chain of trust.”

 

Fireball says, with iOS 4.3, Apple traded faster performance for the possibility of security breaches. So is Charlie a villain or a savior? The Verge asks a bigger question. Given its response, which role is Apple playing?

 

“...it still strikes us as draconian when the man’s trying to alert Apple to the problem instead of exploiting it for his own gain.”

 

Engadget notes, now that he’s opened Pandora’s Box, Charlie isn’t finished talking yet. He’s traveling to a huge tech conference in Taiwan to tell all.  While Apple scrambles to control the damage.

 

“He’ll be explaining his method in more detail next week at SysCan, but until the hole is confirmed closed we'd probably keep a tight leash on our app store browsing.”

 

Transcript by Newsy.

Login|Register|Newsy Blog|Press|Mobile
HOME
|
WORLD
|
U.S.
|
POLITICS
|
BUSINESS
|
TECH
|
ENTERTAINMENT
|
SCI/HEALTH
|
SPORTS

Tech News: iOS Developer Finds Security Flaw, Kicked Out of Program

iOS Developer Finds Security Flaw, Kicked Out of Program

November 8, 2011
(2:57)
RSS Feeds
Share
iOS Developer Charlie Miller exposed a security flaw in Apple devices. He was kicked out of the program. Right move by Apple?
   
Sources:GizmodoYouTubeForbesTwitterCult of MacDaring FireballThe ViewEngadget
TRANSCRIPT
EMBEDSHARECOMMENTS

To leave a comment, please log in with Facebook Connect or your Newsy account. Register here to create one.
MOST RECENT|MOST POPULAR|MOST COMMENTED|HIGHEST RATED

Pope's Butler Arrested Over Leaked Vatican Documents
The Pope's butler is accused of leaking confidential Vatican files to Italian media.
WORLD
Pope's Butler Arrested Over Leaked Vatican...
(1:35)
May 26, 2012
Alternate Juror Flirts with John Edwards
A female juror has been outwardly flirting with John Edwards during his trial - and Edwards has actually been responding.
POLITICS
Alternate Juror Flirts with John Edwards
(1:17)
May 26, 2012
Top News Headlines: Obama to Honor Vets on Memorial Day
More headlines: Memorial Day gas prices lower, yet still high; Experts suspicious of Iran's nuke program; Southeast braces for Beryl.
WORLD
Top News Headlines: Obama to Honor Vets on...
(1:25)
May 26, 2012
49ers' QB Smith Criticized for Cam Newton Comments
Smith downplayed the Panther's QB's accomplishments last year, which wasn't too popular with Newton's teammates.
SPORTS
49ers' QB Smith Criticized for Cam Newton Comments
(2:04)
May 26, 2012
Syrian Crisis Continues with Massacre in Houla
An attack on the Syrian town of Houla killed at least 90 people on Saturday, including around 25 children.
WORLD
Syrian Crisis Continues with Massacre in Houla
(1:28)
May 26, 2012
New York School Cancels Prom Condom Giveaway
A high school in New York planned to give out 500 condoms at prom to promote safe sex, but the principal changed his mind.
U.S.
New York School Cancels Prom Condom Giveaway
(1:55)
May 26, 2012
10-year-old Regains Hearing with Cochlear Implant
The implant works like a traditional hearing aid, but with higher auditory success.
SCI/HEALTH
10-year-old Regains Hearing with Cochlear Implant
(1:49)
May 26, 2012
Video from Google's Project Glass Released
Google released the first video from its Project Glass reality headset.
TECH
Video from Google's Project Glass Released
(1:15)
May 26, 2012
Top News Headlines: At Least 90 Dead in Syrian Attacks
More headlines: Drone strike kills suspected militants; Shooting spree in Finland; Pope's butler arrested.
WORLD
Top News Headlines: At Least 90 Dead in Syrian...
(1:21)
May 26, 2012
Facebook Looking to Build Own Browser?
The social media giant may be interested in acquiring Opera Software, and grabbing their own browser in the process.
TECH
Facebook Looking to Build Own Browser?
(1:29)
May 26, 2012
Nearly One Third Of Olympic Tickets Remain Unsold
Nearly a third of the London 2012 Olympic event tickets remain unsold.
SPORTS
Nearly One Third Of Olympic Tickets Remain Unsold
(1:29)
May 26, 2012
Skydiver Survives Jump Without Parachute
A video of Gary Connery skydiving from 2,400 feet in the air without a parachute has gone viral.
SPORTS
Skydiver Survives Jump Without Parachute
(1:49)
May 26, 2012
15-Year-Old Boy Invents New Way to Detect Cancer
A 15-year-old Maryland boy won a $75,000 prize for inventing a dipstick sensor that can detect pancreatic cancer.
SCI/HEALTH
15-Year-Old Boy Invents New Way to Detect Cancer
(1:53)
May 26, 2012
Prehistoric Flutes Date Back 40,000 Years
When scientists reanalyzed prehistoric artifacts from Germany, they discovered modern humans may have been in Europe earlier than previously thought.
SCI/HEALTH
Prehistoric Flutes Date Back 40,000 Years
(1:43)
May 26, 2012
More Videos
What is Newsy?

Meet the Newsy Team

Newsy in the News

COMMUNITY

Join & Comment

Share Your Story Ideas

Sign Up for Newsyletter

Newsy Blog

afghanistananalysisapplebarack obamabusiness newschinacongressdemocratseconomyentertainment newsfacebookgooglegopgovernmenthealth newsmediamilitarymultisourcenewsnewsyobamapakistanpolicepoliticspolitics newspresidentpresident obamarepublicanscience newssports newstech newstechnologyterrorismtwitteru s newsunited statesus newsvideovideo newsworld news

Newsy

Home
Login
Register
About Newsy
RSSRSS Feeds
Team
Links
Newsy Blog
Sitemap
Support / FAQ
Privacy Policy
RSS Sitemap
Terms of Use
Contact Us
© 2012 Newsy.com. All Rights Reserved.
www2