Apple has taken a much different approach to its App Store than rival Google, insisting on approving all applications to ensure security and consistency.
But a security researcher told Reuters that he has found an exploitable flaw in that could allow malicious users to “take data, send text messages or destroy information” from iPhones and iPads. Charlie Miller, a researcher working with Accuvant Labs, made a test app exploiting the flaw, and his program was approved by Apple’s App Store. He then posted a video showing his proof-of-concept app on YouTube.
Miller was able to program an app to download whatever other app he wanted it to once connected to his server. He reported the bug to Apple and said that the company is “fixing it”; the app has since been removed from the App Store. Apple did not immediately respond to a request for comment on the issue.
But Miller got a surprise of his own after news of the bug hit the news media: he was kicked out of Apple’s developer program and suspended for a year.