Dan Goodin reports:
Charlie Miller, the serial hacker who has exposed more than a dozen critical vulnerabilities in Apple’s Mac and mobile platforms, was kicked out of the company’s iOS developer program after publishing an application that demonstrated a serious new bug in iPhones and iPads.
Miller’s InstaStock app, which was accepted into the iTunes App Store in September, bills itself as a program that tracks stock prices in real time. On Monday, Miller announced that the app contained a secret hack that bypassed protections built into iOS devices that prevent code from running on them unless it has been signed by Apple’s official cryptographic seal.
As a result, Miller was able to endow InstaStock with powerful capabilities that were never approved during the app store application process, including the ability to remotely download pictures and contacts stored on an iPhone or iPad that has the app installed.
Read more on The Register.
Ah, my fears about apps have been reinforced, it seems. Although Miller may be one of the good guys, who knows what else is going on out there?