Security Researcher Plants Malware in Apple App Store
Charlie Miller got a fake app approved that could be used to control an iPhone or iPad, or to steal data from it.
Accuvant researcher Charlie Miller recently demonstrated that a bug in iOS can allow malware-infected apps to be accepted into Apple's App Store.
"Miller built a fake stock ticker app, dubbed 'Instastock,' as a proof-of-concept, then submitted it to Apple, who approved and placed it in the App Store in September," writes Computerworld's Gregg Keizer.
"Instastock exploited the bug Miller discovered to ping a server at his home and request to download another file," Keizer writes. "While Miller did not stock his server with such a file -- except briefly for demonstration and testing purposes -- it proved the app could secretly download rogue code. Such 'malware' could conceivably issue commands to an iPhone or iPad, stealing contacts and photos, turning on the device's camera or microphone, or sending text messages."
Go to "Researcher plants rogue app in Apple's App Store" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.