An iOS security exploit, unveiled by security researcher Charlie Miller, allows an app to download and execute unsigned code from a remote unknown server. What’s even more astonishing, to prove the exact details of this hack, Charlie Miller developed and submitted an app containing the exploit to Apple. The app was approved and available in the App Store. (It has since been removed, and Charlie Miller has also now been removed from the iOS developer program.)
Miller plans on demonstrating the exploit at the SysCan conference in Taiwan next week. In the mean time, take a look at the video below which shows the exploit in action. Using the app he can take a copy of a users address book, direct them to a YouTube video or steal photos from the device running the app.
We are sure Apple will be releasing a fix very soon to plug this exploit, now that it is out in the open!