Tag Archives: iOS

Scott Forstall, Apple’s Senior Vice President for iOS Software says that Apple are in the qualifying stages of providing turn by turn navigation on iOS for Australia. 

Security holes in iOS & flaws in Apple’s App Review Process

Legendary security researcher Charlie Miller has proven that the Apple App Store can be stocked with infected apps despite Apple’s closed ecosystem, strict code signing and code review process. He submitted a fake stock ticker app to Apple called Instastock as a proof-of-concept and this was accepted by Apple.

Instastock allowed Charlie to demonstrate the concept that once it was downloaded from the App Store, Instastock could ping and download another file to his server at home.

So what was Charlie’s exploit as we know that iOS typically only runs code that is signed?

With the release of iOS 4.3, Apple blundered by allowing Safari to run unsigned code due to latency experienced with JavaScript execution. Charlie therefore exploited this flawed security design decision by tricking iOS into assuming that his app was mobile Safari and therefore executing any code segment he wished. He noted that all versions of iOS from 4.3 to the recently released 5.0 contained the bug.

Charlie notified Apple about this bug almost 3 weeks ago but not the fact that he had actually published Instastock to prove the vulnerability. He tweeted yesterday – “For the record, without a real app in the AppStore, people would say Apple wouldn’t approve an app that took advantage of this flaw.”

Apple reacted by banning Charlie’s Apple Developer account for a year.

It is interesting to note that within the US market, Apple has taken the lead again in Smartphone growth (though Apple lags in share of market). Given that Android growth has stalled, this leads me to wonder if Android has already hit the second inflection point on the adoption S-curve.