iOS Security Exploit Allows Apps To Execute Malicious Code

Video where Miller demonstates this exploit

According to Forbes, security specialist Charlie Miller has found an exploit on iOS devices, which allows developers to put malware apps onto the App Store without detection. These malware apps can be used to steal user’s contacts, photo and other information, play a ringtone, make the device vibrate and more at any time the developer chooses.

Next week at the SysCan conference in Taiwan Miller plans to give more details on the exploit and present a method for using this flaw. Miller is not a novice to Mac and iOS security and in 2008 he broke into the MacBook Air through Safari’s exploit in two minutes.

Now it appears that any app in App Store could be used for malicious ends. So it is recommended to keep away from unknown developers and apps until the company issues a fix for the flaw.

Millier’s developer account on the App Store has been closed and his apps have been removed as a result of his research.