OSNews:

OSNews: http://www.osnews.com/story/25309/iOS_Dev_Sneaks_Malware_Into_App_Store_Feels_Wrath_of_Apple Exploring the Future of Computing en-us Copyright 2001-2013, David Adams adam+nospam@osnews.com Fri, 24 May 2013 08:44:00 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com ... http://www.osnews.com/thread?496473 http://www.osnews.com/thread?496473 lol

What they should have done is hire the guy.Edited 2011-11-08 17:15 UTC Tue, 08 Nov 2011 17:14:00 GMT donotreply@osnews.com (Hiev) Comments Gutsy move http://www.osnews.com/thread?496474 http://www.osnews.com/thread?496474 I'd be worried that apple men dressed as feds would come to tear my place apart.

Tue, 08 Nov 2011 17:24:00 GMT donotreply@osnews.com (Alfman) Comments RE: Gutsy move http://www.osnews.com/thread?496475 http://www.osnews.com/thread?496475

I'd be worried that apple men dressed as feds would come to tear my place apart.

Heck even I regularly look over my shoulder. Tue, 08 Nov 2011 17:26:00 GMT donotreply@osnews.com (Thom_Holwerda) Comments RE: Gutsy move http://www.osnews.com/thread?496505 http://www.osnews.com/thread?496505 Or better yet, Fed's working for Apple.

Actually this guy could potentially face persecution for doing this. Not that he would deserve it but the pertinent law is so out of whack. Tue, 08 Nov 2011 19:46:00 GMT donotreply@osnews.com (kristoph) Comments I don't see the problem http://www.osnews.com/thread?496519 http://www.osnews.com/thread?496519 This guy knowingly violated the terms of service of the app store and is then surprised when he gets kicked out?

Good on him for finding the security flaw. Good on him for reporting it to Apple. However that's as far as it should have gone. Sneaking in an app is way over the line, since he has actually compromised real devices.

If he wants to get more publicity he could release the info to the public. Sure, this is a more effective publicity stunt, but the reaction from Apple is totally appropriate. Tue, 08 Nov 2011 20:56:00 GMT donotreply@osnews.com (leos) Comments Charlie Miller http://www.osnews.com/thread?496521 http://www.osnews.com/thread?496521 Ah.. Charlie Miller is a bit of a meveric. It's also unlikely Apple could entice him on to the payroll, as he is a general Security Researcher, not Apple specific. Tue, 08 Nov 2011 21:13:00 GMT donotreply@osnews.com (henderson101) Comments RE: I don't see the problem http://www.osnews.com/thread?496534 http://www.osnews.com/thread?496534

Good on him for finding the security flaw. Good on him for reporting it to Apple. However that's as far as it should have gone. Sneaking in an app is way over the line, since he has actually compromised real devices.

He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off". Tue, 08 Nov 2011 22:03:00 GMT donotreply@osnews.com (Thom_Holwerda) Comments RE[2]: I don't see the problem http://www.osnews.com/thread?496539 http://www.osnews.com/thread?496539

He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off".

The article says he reported the vulnerability to Apple. I wonder if he got any sort of response before publishing his app ... Tue, 08 Nov 2011 23:00:00 GMT donotreply@osnews.com (WorknMan) Comments RE[2]: I don't see the problem http://www.osnews.com/thread?496540 http://www.osnews.com/thread?496540

"Good on him for finding the security flaw. Good on him for reporting it to Apple. However that's as far as it should have gone. Sneaking in an app is way over the line, since he has actually compromised real devices.

He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off". "

In which case the responsible thing would have been to take down the app immediately after it was approved. But he didn't. Tue, 08 Nov 2011 23:01:00 GMT donotreply@osnews.com (rhavyn) Comments RE[2]: I don't see the problem http://www.osnews.com/thread?496598 http://www.osnews.com/thread?496598

He had to prove his exploit worked. Had he not done this, Apple would've simply said "our review process will catch it, so no problem, now bugger off". "

And that is their prerogative. The market will punish them if they ignore it and it leads to widespread exploits. Wed, 09 Nov 2011 06:33:00 GMT donotreply@osnews.com (leos) Comments Missing the point http://www.osnews.com/thread?496623 http://www.osnews.com/thread?496623 To the people saying that Apple did the right thing and he shouldn't complain about the ban: you are missing the point.

We've been told repeatedly that thanks to the review process whatever we download from the App Store is safe. Well, guess what? That is not the case and, think about it, how could it be? Even when the source code is available, auditing software is hard and, even if this was the case, with a gazillion apps on the store and (I suspect) only a handful or reviewers in the staff, how could they possibly catch everything?

In other words: you can't believe everything you hear (even if it comes from Apple) and a bit of caution is still advisable. In this respect iOS is no different from any other other platform: it's safer to stick to well known, reputable developers.

On a more technical note, it seems to me that Miller's application wasn't malware per se: the application behaved normally until he instructed it to download the malicious payload, didn't it?

RT. Wed, 09 Nov 2011 09:37:00 GMT donotreply@osnews.com (karunko) Comments Comment by zima http://www.osnews.com/thread?497276 http://www.osnews.com/thread?497276 What's really curious is how the claims of iOS safety persist despite often quite quick emergence of jailbreak-via-Safari - essentially, a root access exploit when accessing a random website. Tue, 15 Nov 2011 23:53:00 GMT donotreply@osnews.com (zima) Comments