Malware spotted on iOS 5 – Are Apple’s standards slipping?

Posted 8 Nov 2011, 04:27

We have some important news for iPhone users on iOS 5: it has been confirmed that a user has managed to get malware onto the Apple App Store by exploiting a new security flaw in iOS, in order to highlight the problem.

This malware, disguised in applications, has the ability to steal user data and also take control of various settings on iOS devices such as the iPhone and iPad, according to a report by AppleInsider.

The person who found the security flaw in iOS 5 and then exploited it by creating malware hidden in apps is Charlie Miller. Although he has given Apple an opportunity to highlight the problem and fix it in a future software update, he now finds himself banned from the App Store and removed from the iOS Developer Program as well.

Considering that no real damage was done to Apple other than bad press, the move could and probably will be seen as very harsh. Apple has just released the latest beta of iOS 5, and the whole purpose of these tests is to find flaws like this one, which could become a serious problem for Apple in the wrong hands. These were not the wrong hands, but those of a hard-working Apple researcher who also discovered a MacBook battery vulnerability and a Safari Mobile security hole.

In reality though, Apple are now aware of this problem and we’re guessing that they will fix it ASAP in the next iOS software update. We have added a video below showing specifically how the security flaw works. You can see the potential dangers of this code-signing bug, as the user can freely type commands on a computer for an iOS device to follow instantly.

Firstly, what are your thoughts on this bug – do you agree that it looks incredibly dangerous? Secondly, do you think it was right of Apple to ban the person who pointed out this flaw or not?

  • Caleb Miller

    Why should he be banned if he promises not to use this to his advantage?

  • Caleb Miller

    He pointed out the flaw. (That Apple didn’t know about.)

    • Anonymous

      Yes, that was the point I was trying to make in the article. If anything, he should be rewarded for his hard work? On Miller’s Twitter account, you can read that the main reason he put this on the App Store was to point out that it was possible for the app to bypass Apple’s current security.

  • Prof. Danny Dodge

    What’s funny is that everything that he’s just done on the iPhone will always be possible on any Android phone lol good luck to all those icecream suckage users out there, Apple will fix this, Google, by the nature of their store, can’t xD

  • TCowen

    It may be harsh, but the purpose is clearly to discourage developers from using the App Store as a live-test laboratory. If every bug found by people with inside access to Apple was live-tested by the developer, the App Store would become a scary place to visit. It seems that it would have been more reasonable to present the bug to Apple directly and allow them to patch it without the sensationalism and without exposing the exploit to a wider hacker base so others could expand on the principle and cause real damage before a patch can be found.

    Should he be re-instated? Probably. A temporary suspension would make the point without unnecessarily driving a good programmer to the wild side.