Mac and iOS security researcher Charlie Miller discovered a flaw in Apple’s code signing system. Miller said that, using this exploit, “you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check. With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”
The vulnerability is as follows:
According to the Forbes article linked above, “The simple program appears to merely list stock tickers, but also communicates with a server in Miller’s house in St. Louis, pulling down and executing whatever new commands he wants.” Once this was made public, Apple removed the app and revoked Miller’s membership in Apple’s iOS developer program.
Miller did break Apple’s rules, but he also highlighted what could be a very serious flaw in the way iOS applies code signing. In doing so, he has exposed a vulnerability that needs to be patched in order to protect iOS users. Miller will be presenting this vulnerability next week at the SyScan conference in Taiwan.