iOS Bug Allows Malware to Be Sold in Apple App Store

According to Denver-based security consultant Charlie Miller, the Apple App Store is vulnerable to infiltration by malware apps that can pose a significant risk to Apple customers. Miller, 4-time winner of the Pwn2Own hacking contest and an employee of security consulting firm Accuvant, managed to submit an app that exploited a previously unknown iOS bug and gain Apple's approval to sell it.

The app, a fake stock ticker called "Instastock", works by exploiting an exception Apple made for the Safari browser with iPhone 4.3. Previously, all apps had to be signed through its e-mart; any unsigned code is rejected by iOS. With iPhone 4.3, the Safari browser itself, functionally similar to any other app, was excluded from that requirement in order to expedite JavaScript execution. Miller's fake stock ticker app spoofed Safari code, tricking iOS into waving it through customs, so to speak. Once installed, "Instastock" pings a server at Miller's home and requests to download additional software, proving that the App Store can be used to distribute malware to unsuspecting customers with surprising ease.

Miller may have done Apple an enormous favor by identifying an enormous vulnerability and making it public, a move likely to help Apple avoid the fate of the Android market, which has had a notorious problem with malware apps in the last year. Apple isn't having it. Yesterday, Miller tweeted that he'd been kicked out of Apple's iOS developer program. Miller claims to have informed Apple of the flaw in October, but didn't warn them about putting the app up for sale (a move he insists was necessary to prove the flaw's seriousness).

He has now been officially banned from the iOS developer program for one full year. Probably for the best, as not having to worry about people helping to identify potential threats to their customers will give Apple more time to pursue vicious legal action against tiny competitors.

  • cumi2k4
    Didn't Apple hear of the old adage "don't shoot the messenger"?
  • Scanlia
    I thought Apple was controlling and secure....
  • stonedatheist
    Banning a white hat hacker that is helping them find potential threats in their OS? Apple has sunk to a new low.
  • Goldengoose
    Apple and their actions just remind me of a child. Give them advice and they throw it back in your face, have something they don't and they throw a tantrum and ask mummy to sort it (the current state of patents and courts).
  • molo9000
    He shouldn't have made this public before Apple fixed it.
  • Technically speaking, he did contravene the terms and conditions of the agreement. What did he expect would happen? That Apple would welcome him into the fold/offer him a job in the security department and pat him on the head?
  • digisol1
    Looks to me he went and tried the proper channels and they were not receptive. Too bad he is white hat, the skiddies will prolly leave Apple alone - ask Sony how well it worked out for them when they went after geohot.
  • ojas
    I really appreciate anyone who exposes security flaws in Apple's software/devices because they keep acting like they're not vulnerable.
    "Yesterday, Miller tweeted that he'd been kicked out of Apple's iOS developer program."
    While Google pays for each vulnerability that people discover in Chrome. I hope Miller embarrasses Apple real bad next time.
  • hetneo
    And people like to say that Apple's security policy is not "if you don't know about it, it will not hurt you".
  • house70
    scanlia: "I thought Apple was controlling and secure...."
    No, it's just controlling.