    iOS app store security hole allows people to download dangerous apps

    Apple reviews every app that is available in the App Store to make sure it is safe to use. Forbes reported on Charlie Miller, an Apple security researcher who found a way for a seemingly safe app to turn evil. Miller created an app that was able to pass all of Apple’s review tests and was available on the App Store. Apple has removed the app that Miller used as an example of the security hole, and has removed him from the Apple developer program.

    Miller’s app appeared to be a run-of-the-mill stock-checking app that communicated with a server in his house. When the app was reviewed by Apple, it looked like a normal app and didn’t raise any red flags. The app exploits security issues related to Apple’s mobile Safari app, which allow apps to run code that wasn’t seen or approved by Apple.

    Miller demonstrates just how powerful this kind of app can be by downloading the app and showing how it looked to Apple’s review team. He then updates the app’s code on his computer and re-downloads the same program. Upon startup, Miller was able to access all kinds of information stored on the phone. Miller says that he is able to download contacts and pictures stored on the phone, and all of this is done without the phone user having any idea what is going on.

    We have seen other security holes on Apple’s iOS devices, but nothing to this degree. Many jailbreakers used a PDF exploit to easily jailbreak their phones. Miller is scheduled to speak at a conference next week where he will further demonstrate how the exploit works, and he hopes that Apple pays attention and fixes the problem. Miller says that any app on the market would be able to use this technique to tap into users’ phones, and that until Apple fixes the problem, any app can be a threat.

     

    This article was originally posted on Digital Trends


    6 comments

    • PJ  •  6 mths ago
      The guy embarrassed them. So out with him. It's all about image not security to Apple.
    • Curt  •  San Francisco, United States  •  6 mths ago
      Stupid Apple, should have thanked the guy, but instead took him off the developer list.
    • Jonathan B  •  Baton Rouge, United States  •  6 mths ago
      Reminds me of Live Free Or Die Hard at least he presented the problem and they are listening
    • Watt  •  6 mths ago
      hurm
    • Kira  •  6 mths ago
      Basically the app in question is a valid app but it can access its server and download new data which apparently is a kind of trojan. Good find there and it's just like Apple to remove the guy from the Apple apps dev. team.
    • brokendog  •  6 mths ago
      so android is the only os that can get bad apps!!! if human made some hacker human will get in