One of the main features of the Apple app store is that each application must be tested and verified before being sold, ensuring that no malicious code will be used.
However, Charlie Miller discovered a way to introduce malicious code and get data and information from apple device using an application that passed all tests of the company.
Miller took advantage of a flaw present in the relationship between applications and the Safari browser to load a code without the user noticing. It created an application called InstaStock, with which the hacker could view the contacts and photos from a phone, play sounds, and even control the vibration of the equipment.
The hacker was announced this discovery to a week before Syscan conference in Taiwan, where it will do a live demonstration of the failure. Apple, however, regret that this information has been made public before talking to them, so they removed the application and revoked his developer license.
0 comments:
Post a Comment