Apple's App Store has a Security Flaw - The UpStream

Apple's App Store has a Security Flaw

posted Saturday Nov 12, 2011 by Nicholas DiMeo


It was just before the summer earlier this year that we finally saw the Apple lovers of the world admit that their computers can get viruses, too. The same could not be said for their iOS mobile devices, though, as Apple's closed platform has led to no security breaches or attacks.

That is, until now. The shiny, circa 2007 iPhone 4S has already run into several battery issues that Apple has not addressed yet. Now, the company runs into even bigger problems.

The beloved iOS system has been found to be severely flawed. A hole has been discovered that allows outside control of iPhone and iPad apps, which can be used to steal contacts and photos and to send text and MMS messages, all unbeknownst to the user.

Accuvant's security researcher, Charlie Miller, released this information this week, stating that Apple's completely monitored App Store isn't as secure as it claims to be.

Until now, you could just blindly trust and download as many apps as you wanted and not worry about it. But until they fix this, you really should think twice about any apps you're downloading, because they could be malicious.

Miller apparently informed Apple of this issue over three weeks ago, but Apple has not said anything other than that a "fix is in the works." Because of this, Miller will be demonstrating how the flaw happens at SyScan, a security conference in Taiwan. This is to bring awareness to the bug, and by explaining the details behind it, he thinks it will prevent hackers from taking advantage of unsuspecting Apple owners.

Fun fact here: Discovery of this flaw has caused Miller to be banned from the iOS developer program for one year.

"I think it's pretty rude. If you think about what I'm doing -- I'm pointing out a flaw that would affect everybody and that the bad guys could use to install malware. And they're not paying me, I'm just doing it to be nice."

You should've let them sink their own ship, Charlie. Granted, I know you uploaded an app called Instastock that allowed you to harm your own devices to prove the theory and test your concept, but we all know (aside from Apple, apparently) that you meant no harm behind that. Miller's app has been removed from the App Store.

This seems to be par for the course for Apple, though. If you find a bug, they will do anything they can to hide it, like it never even happened. There's one small problem with that, and it's this thing called the Internet that tries to reveal the truth behind the cover-up. I guess Apple's rigorous testing methods on each app before it hits their Store aren't as tough as everyone thought they were. Still, the security is better than that of Google's Android Market, which is just filled with security holes and breaches, partly due to the open-access policy with their app approval process.
