Security expert sneaks malware past Apple's App Store

Status
Not open for further replies.
Tom172

Tom172

Level 1
Thread author
Feb 11, 2011
1,009
29
32
A software flaw in iPhones and iPads could let hackers build apps that secretly install malware and still pass Apple's App Store vetting process, according to a security expert.

Accuvant Labs claims to have built a prototype malicious program that could be programmed to steal data or send text messages - and the app made it past Apple's security checks.
Click to expand...

Read more
 
Miller said over Twitter that Apple had removed the app from its store, and revoked his developer status. "Apple just kicked me out of the iOS Developer program. That's so rude," he tweeted. "First they give researchers access to developer programmes, (although I paid for mine) then they kick them out.. for doing research." Apple did not respond to requests for comment.
Click to expand...

Maybe this guy should have first notify Apple about the flaw before making it public but even so kicking him out the iOS Developer program seems a harsh decision.
Google is paying good money for any bug or flaw that is reported in there platforms so maybe Apple should learn something from those guys.
 
Please pay attention to exactly what the article says. Two words give you a big clue. Those are "could" and "claims". Do not trust everything you read. None of this is actually happening. Its just some random guy who found a whole which "could" poss a threat. It does not mean Apple is in trouble or any person using an iPhone will get infected. Words to live by when read something like this.

"believe half of what you see and nothing that you hear"
 
Regardless of whether to believe or not, one cannot deny the "Apple Stance" on things, I think they've got their head in the sand and even more so with the Late Steve Jobs gone.

As I've said before, they're all going to have to get their act together sooner or later when the war begins properly between all of them.
 
AyeAyeCaptain said:
Regardless of whether to believe or not, one cannot deny the "Apple Stance" on things, I think they've got their head in the sand and even more so with the Late Steve Jobs gone.

As I've said before, they're all going to have to get their act together sooner or later when the war begins properly between all of them.
Click to expand...

Innocent until proven guilty. Until there is clear and proven facts its all hearsay. People read an article and believe everything it says. So I guess the tabloids are correct when they say "The President has been abducted by Aliens"
 
Maximus said:
AyeAyeCaptain said:
Regardless of whether to believe or not, one cannot deny the "Apple Stance" on things, I think they've got their head in the sand and even more so with the Late Steve Jobs gone.

As I've said before, they're all going to have to get their act together sooner or later when the war begins properly between all of them.
Click to expand...

Innocent until proven guilty. Until there is clear and proven facts its all hearsay. People read an article and believe everything it says. So I guess the tabloids are correct when they say "The President has been abducted by Aliens"
Click to expand...

But he has!! Everyone knows he is brainwashed while the strings are been pulled by the Alien force in the shadows... :P
 
Maximus said:
Please pay attention to exactly what the article says. Two words give you a big clue. Those are "could" and "claims". Do not trust everything you read. None of this is actually happening. Its just some random guy who found a whole which "could" poss a threat. It does not mean Apple is in trouble or any person using an iPhone will get infected. Words to live by when read something like this.

"believe half of what you see and nothing that you hear"
Click to expand...
Very true, this isn't a real security risk for the Apple users but it's a bug that needs to be fixed.Apple has a history of hiding security flaws or bugs so that's why everyone is always surprised when they read something like this. :)
 
Miller has created a video demonstrating the attack

 
Last edited:
iPad maker Apple has banned a rogue app from the iTunes App Store which was submitted by a security researchers to expose a vulnerability on Apple's platform.

The app, called InstaStock was submitted by Apple developer and security researcher Charlie Miller to the App Store.

The researcher had injected the app with a malware that sent user information to a server. The security flaw allowed the app to pass undetected from Apple's stringent App Store submission rules.

Miller, who plans on exposing the flaw at a security conference, next week, had his Apple developer account suspended for what he had done. The app, which was submitted to the App Store in September, allowed the researchers to steal user information.
Click to expand...

http://www.itproportal.com/2011/11/09/apple-bans-charlie-millers-ios-vulnerability-exploiting-app/

Looks like this was active for 2 months, before Apple knew and removed it from the App Store.
 
This makes perfect sense...

He put an app on the store that did something other than what it said it did. Any other dev would have gotten the same treatment, the fact that this also contained a POC only makes it worse.
 
Status
Not open for further replies.

You may also like...