From a security and malware-prevention perspective, it helps that every app you download onto your iPhone or iPad comes from one source: the Apple App Store. But what happens if an app that Apple has reviewed and cleared as safe is itself built to misbehave?
Charlie Miller, whom Forbes playfully calls a "serial Mac hacker" and Ars Technica calls a "security researcher", planted a "sleeper app" in the App Store that could download and run unsigned code. Forbes reported that he will demonstrate the technique next week at the SyScan conference.
But very soon after his bypass was announced, Miller had his Apple developer license revoked for a year. Ars Technica reports that Apple's operating systems are designed to run only code that is "digitally signed by the developer", and that developers obtain the ability to sign through Apple's Developer Program. Ars Technica continues with this explanation:
"MobileSafari is allowed to have a single special region of memory to write JIT code to memory and allow it to execute," Miller explained. "Only MobileSafari is supposed to have this." Miller said that even this entitlement is well-protected. If MobileSafari were hacked, it couldn't create an additional executable area of memory, and it couldn't affect other apps outside of its sandbox.
The problem Miller discovered is a flaw in the part of iOS that is meant to ensure that only MobileSafari can create a region of memory that is both writable and executable. "That allowed my app to create its own special area of memory to download and run unsigned code," he said.
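To make the mechanism in the two paragraphs above concrete, here is an added illustration of what a "writable and executable" region is and why code signing cares about it. This is example code written for this page, not Miller's code and not the iOS bypass: it does not reproduce his flaw, it only shows the ordinary JIT pattern (write machine code into a read-write page, flip the page to read-execute, call it) and a probe for whether the platform allows a page to be writable and executable at the same time. The function names `probe_rwx_mapping` and `jit_roundtrip` are assumptions chosen for this example. On a stock Linux desktop both steps succeed; on iOS, the code-signing enforcement the article describes is exactly what denies them to every app except MobileSafari.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added example for this page; not the article's or Miller's code.
 * Returns 1 if an unprivileged process may map a page that is
 * writable and executable at once (no W^X policy), 0 otherwise. */
int probe_rwx_mapping(void) {
    long sz = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)sz, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;               /* kernel refused a W+X mapping */
    munmap(p, (size_t)sz);
    return 1;
}

/* The legitimate JIT pattern: emit unsigned machine code into a
 * read-write page, make the page read-execute, then call into it.
 * Returns 42 when the generated function ran, -1 if the OS refused
 * any step, and 0 on an architecture this example has no bytes for. */
int jit_roundtrip(void) {
#if defined(__x86_64__)
    /* mov eax, 42 ; ret */
    static const uint8_t code[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };
#elif defined(__aarch64__)
    /* mov w0, #42 ; ret  (little-endian instruction words) */
    static const uint8_t code[] = { 0x40, 0x05, 0x80, 0x52,
                                    0xC0, 0x03, 0x5F, 0xD6 };
#else
    return 0;
#endif
    long sz = sysconf(_SC_PAGESIZE);
    uint8_t *p = mmap(NULL, (size_t)sz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;

    memcpy(p, code, sizeof code);             /* "download" the code */

    /* Drop write before adding execute: this is the W^X-respecting order.
     * A signing-enforcing kernel would reject this mprotect for a page
     * whose contents carry no valid signature. */
    if (mprotect(p, (size_t)sz, PROT_READ | PROT_EXEC) != 0) {
        munmap(p, (size_t)sz);
        return -1;
    }
    __builtin___clear_cache((char *)p, (char *)p + sizeof code);

    int (*fn)(void);
    memcpy(&fn, &p, sizeof fn);               /* data -> function pointer */
    int r = fn();
    munmap(p, (size_t)sz);
    return r;
}

int main(void) {
    printf("simultaneous W+X mapping allowed: %s\n",
           probe_rwx_mapping() ? "yes" : "no");
    printf("RW -> RX JIT round trip returned: %d\n", jit_roundtrip());
    return 0;
}
```

The point of the probe is the first line of output: a platform that answers "yes" has no W^X policy at all, and one that answers "no" but still lets `jit_roundtrip` return 42 enforces W^X without enforcing signatures. What iOS adds on top, per the article, is refusing the RX flip unless the page is signed or the process holds the JIT entitlement.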
So, as Miller told Forbes, almost anything on the App Store could have carried such a payload. But Reuters (via Huffington Post) reports that, as far as anyone knows, the vulnerability has not been exploited in the wild.
With regard to being removed from the developer program, a separate Forbes post reports Miller as essentially saying it would not have happened under previous management:
“I miss Steve Jobs,” he says. “He never kicked me out of anything.”
Miller, who works for Accuvant Labs as a researcher, has given Apple advance notice of several security flaws in its products over the last few years. According to Apple's letter revoking Miller's privileges, as reported by Forbes, the company said he had violated his agreement not to "hide, misrepresent or obscure" any part of the app.