A malicious piece of software designed for iPhones and iPads has been innovated to presents that Apple's app store is not immune to malware.
The code was designed to look like a stock price tracker, but was also able to steal data.
Experts said that the proof-of-concept program was a "significant threat" to the app store.
Apple refused to comment. It also removed the app and barred the developer from its store.
The software was designed by security expert and hacker Charlie Miller to demonstrate Apple's vulnerabilities.
The firm accepted the program to its iTunes app store in September. Two months later Mr Miller revealed that it contained malware that could remotely download pictures and contacts.
"Until now you could be able to download everything from the app store and do not worry about it being malicious. Now you have no idea what an app might do," he said.
The InstaStock app took advantage of a recent update to Apple's mobile operating system which allowed non-approved code to be added to installed apps for the first time.
After some hour Mr Miller disclosed the flaw, he received an email from Apple which said he was barred from the iOS developer program for violating its terms and conditions.
He wrote on Twitter: "First they give researchers access to developer programs, (although I paid for mine) then they kick them out.. for doing research. Me angry."
Mr Miller has made something of a habit of exposing Apple's security flaws.
In 2009 he identified a bug in the iPhone's text-messaging system that allowed attackers to gain remote control over the devices.
He has since exposed other vulnerabilities in Apple's Mac and mobile platforms.
Mr Miller agrees to present his research at a security conference in Taiwan on 17 November 2011.
No comments:
Post a Comment