Security expert sneaks malware past Apple's App Store

[Tom172]

A software flaw in iPhones and iPads could let hackers build apps that secretly install malware and still pass Apple's App Store vetting process, according to a security expert.

Accuvant Labs claims to have built a prototype malicious program that could be programmed to steal data or send text messages - and the app made it past Apple's security checks.

Read more

 

[moonshine]

Apple's getting really screwed lately.

 

[win7holic]

yes,
you are right Boxx.
Apple recently full of problems start from viruses. and, how the next months or next year?

 

[Jack]

Miller said over Twitter that Apple had removed the app from its store, and revoked his developer status. "Apple just kicked me out of the iOS Developer program. That's so rude," he tweeted. "First they give researchers access to developer programmes, (although I paid for mine) then they kick them out.. for doing research." Apple did not respond to requests for comment.

Maybe this guy should have first notify Apple about the flaw before making it public but even so kicking him out the iOS Developer program seems a harsh decision.
Google is paying good money for any bug or flaw that is reported in there platforms so maybe Apple should learn something from those guys.

 

[Dieselman]

Please pay attention to exactly what the article says. Two words give you a big clue. Those are "could" and "claims". Do not trust everything you read. None of this is actually happening. Its just some random guy who found a whole which "could" poss a threat. It does not mean Apple is in trouble or any person using an iPhone will get infected. Words to live by when read something like this.

"believe half of what you see and nothing that you hear"

 

[Deleted member 178]

"believe half of what you see and nothing that you hear"

it is very true.

 

[moonshine]

Thumbs up to that Maximus.

 

[AyeAyeCaptain]

Regardless of whether to believe or not, one cannot deny the "Apple Stance" on things, I think they've got their head in the sand and even more so with the Late Steve Jobs gone.

As I've said before, they're all going to have to get their act together sooner or later when the war begins properly between all of them.

 

[Dieselman]

Regardless of whether to believe or not, one cannot deny the "Apple Stance" on things, I think they've got their head in the sand and even more so with the Late Steve Jobs gone.

As I've said before, they're all going to have to get their act together sooner or later when the war begins properly between all of them.

Innocent until proven guilty. Until there is clear and proven facts its all hearsay. People read an article and believe everything it says. So I guess the tabloids are correct when they say "The President has been abducted by Aliens"

 

[AyeAyeCaptain]

Regardless of whether to believe or not, one cannot deny the "Apple Stance" on things, I think they've got their head in the sand and even more so with the Late Steve Jobs gone.

As I've said before, they're all going to have to get their act together sooner or later when the war begins properly between all of them.

Innocent until proven guilty. Until there is clear and proven facts its all hearsay. People read an article and believe everything it says. So I guess the tabloids are correct when they say "The President has been abducted by Aliens"

But he has!! Everyone knows he is brainwashed while the strings are been pulled by the Alien force in the shadows...

 

[Jack]

Please pay attention to exactly what the article says. Two words give you a big clue. Those are "could" and "claims". Do not trust everything you read. None of this is actually happening. Its just some random guy who found a whole which "could" poss a threat. It does not mean Apple is in trouble or any person using an iPhone will get infected. Words to live by when read something like this.

"believe half of what you see and nothing that you hear"

Very true, this isn't a real security risk for the Apple users but it's a bug that needs to be fixed.Apple has a history of hiding security flaws or bugs so that's why everyone is always surprised when they read something like this.

 

[Dieselman]

Its not a bug till its officially established by certified technicians.

 

[Jack]

Miller has created a video demonstrating the attack

 

[Ink]

iPad maker Apple has banned a rogue app from the iTunes App Store which was submitted by a security researchers to expose a vulnerability on Apple's platform.

The app, called InstaStock was submitted by Apple developer and security researcher Charlie Miller to the App Store.

The researcher had injected the app with a malware that sent user information to a server. The security flaw allowed the app to pass undetected from Apple's stringent App Store submission rules.

Miller, who plans on exposing the flaw at a security conference, next week, had his Apple developer account suspended for what he had done. The app, which was submitted to the App Store in September, allowed the researchers to steal user information.

http://www.itproportal.com/2011/11/09/apple-bans-charlie-millers-ios-vulnerability-exploiting-app/

Looks like this was active for 2 months, before Apple knew and removed it from the App Store.

 

[Hungry Man]

This makes perfect sense...

He put an app on the store that did something other than what it said it did. Any other dev would have gotten the same treatment, the fact that this also contained a POC only makes it worse.