Charlie Miller turned from „White hat“ to „Black hat“
By Gina on November 9, 2011 | Vulnerabilities, Charlie Miller, Apple App Store, flaw in App Store, vulnerability in Apple App Store
On Monday, Apple researcher Charlie Miller was punished for finding a flaw in Apple's code-signing restrictions on iOS devices, which would allow hackers to use applications sneaked into the App Store to download and run unsigned code.
For discovering this security vulnerability, Apple revoked Charlie Miller’s application developer license and suspended him from Apple's developer program for one year. Apple says Charlie Miller violated the developer agreement, which forbids him to "hide, misrepresent or obscure" his applications.
The security researcher is famous for finding bugs in popular Apple products that attackers could exploit for malicious purposes. However, his latest finding caused him serious trouble. He created an application that could download malware onto iPhones and iPads. To make the point clear, he disguised his program as a stock ticker application and got it approved for distribution in Apple's App Store.
Charlie Miller believes all of these steps were necessary to prove to Apple that the flaw is serious and could be used to infect mobile devices. He thinks Apple overreacted: “I'm helping them in many ways. What they're doing is making it harder for me to do that. I think it's an overreaction. No one was hurt by anything I did.” “Until they fix this flaw, you can't trust the App Store,” he added.








