After reading an article of the same title from Digital Trend’s portal, all I can say is WTF?!? Apple security researcher Charlie Miller did Apple a big favor by showing them a huge vulnerability that can affect all their customers using their iTunes software to download apps.

Then they remove the app (which is understandable) but then removed him from the the Apple developer program. Wow … arrogant.

According to Digital Trends, Miller’s app appeared as a run of the mill stock checking app which communicated with a server in his house. When the app was reviewed by Apple it looked like a normal app, and did not raise any red flags. The app uses security issues related to Apple’s mobile Safari app which allows apps to run code that was not seen or approved by Apple.

Miller demonstrates just how powerful this kind of app can be by downloading the app and showing how it looked to Apple’s review team. He then updates the app’s code on his computer and re-downloads the same program.

Upon start up Miller was able to access all kinds of information stored on the phone. Miller says that he is able to download contacts and pictures stored on the phone, and all of this is done without the phone user having any idea what is going on.

Great work Charlie Miller! For doing something that could help protect iTunes users by showing Apple that there is something amiss. Yet, by removing you from their developer’s program is so uncool. Your app should ┬áhave wreaked havoc since your account got deleted anyway.

Related Posts Plugin for WordPress, Blogger...