App Store / iOS Code Signing Security Flaw [Video]
Proof of concept demo of iOS security hole by security expert Charlie Miller.
Video: Remote Arbitrary Code Execution Hole
Forbes reports security expert Charlie Miller demonstrates how to run unsigned code on iPhone. The newly discovered security hole let him bypass iPhone / App Store code signing, and allows rogue app developer to download code from remote servers.
At the SysCan conference in Taiwan next week, Miller plans to present his newly discovered method.
Apple iOS vs. Google Android Security
5 months ago, security researcher Jon Oberheide already demonstrated how to build an Android mobile botnet using holes in Google’s Android software.
What does it mean?
- The iOS security exploit is not revealed at this time. No malware developer can use it.
- Using Angry Birds is a bad example, because major developers won’t risk being banned to sneak in malicious code.
- All jailbreaks are essentially using some kind of exploit like this. The thing is, jailbreak community use it for good since introduction of iPhone in 2007.
- Could be used for jailbreak iOS 5.
So iOS is temporary down to the security level of Android, but with major differences:
- Apple App Store will filter out new apps attempting to use this hole, starting NOW. In contrast, Android’s open wasteland does not filter malicious apps until it’s too late. Android has already suffered from waves of phishing and other malicious software.
- Apple will patch the hole in all iOS devices for good in a few weeks, while Android users are stuck with their fragmented and insecure devices possibly forever.
Charlie Miller’s developer account is already suspended and the demo app removed from the Apple App Store.
- Cydia “PDF Loading Warner” Helps Prevent iOS Security Hole Exploit
- Android apps including those in Google Play Store vulnerable to MitM remote code execution exploit
- Cydia’s Saurik Fixes PDF Exploit on Jailbreaked & Older iOS Devices
- Download Links: iOS 5.0.1 Firmware Battery Life Issue Fix (Updated)
- iOS 5.1 Safari Addressbar URL Spoofing Security Problem