iOS Prone to Malware

Any security system is considered completely safe until it is successfully breached. This holds true for a royal palace as well as for your Mac.

Today, this can be said of iOS, in which a security flaw has now been exposed. The flaw can allow disguised malware to sneak into the App Store, bypass Apple's strict security measures and steal user data.

Mac hacker and researcher Charlie Miller has found a way to sneak malware into the App Store. The flaw can also allow malware to take control of certain iOS functions.

Miller has explained that code signing restrictions allow only commands approved by Apple to run in the memory of an iOS device. Submitted apps that do not follow these rules are not allowed in the App Store. However, Miller is said to have found a method by which an app can download new, unapproved commands from a remote computer, due to a bug in iOS code signing.

According to Miller, the flaw was introduced with iOS 4.3, which increased the speed of the browser by allowing JavaScript code from the internet to run at a much deeper level in the device's memory than in previous iterations of iOS. Miller realized that the speed came in exchange for an exception Apple made so that the browser could run unapproved code. Miller found that the flaw could be expanded beyond the browser.

Miller created an app called Instastock to highlight the vulnerability of iOS. The app was approved by Apple and distributed via the App Store. Appearing to be a stock ticker, the program could leverage the code signing bug to communicate with Miller's server and pull unauthorized commands onto an affected device. The program could initiate iOS functions such as vibrating alerts and could also send Miller user data such as the address book, photos and videos.

The app has been pulled and Miller has been banned from the App Store.

Do you think Apple can fix this flaw and provide a solution to the problem? Or should Miller come up with a solution?

Source: Apple Insider