[Image: Charlie Miller sends a remote command to vibrate his iPhone]
The embarrassing part of this news, for Apple, is that someone was able to sneak a potentially malicious application through its code auditing process.
iPhone users rely on Apple to check through all third-party programs for security issues. Once Apple has verified that an app is malware-free, and only then, it is allowed into the iPhone App Store.
Charlie Miller, a well-known security researcher, wrote a stock ticker app that contained a nasty surprise. Once installed, it was able to download further code. This was software that Apple had not had a chance to check.
In a video demonstration, Miller shows how the Trojan would allow an attacker remote access to an iPhone. He downloads the address book and, from a reverse shell, issues a command to make the unit vibrate.
Reports suggest that Apple has retaliated by banning Miller from its iOS development program. Apparently he planned to present his findings, including a live exploitation of a phone, at the SyScan conference in Taiwan.
UPDATE (08/11/2011): SecurityWeek reports that the vulnerability is due to iOS not enforcing code signing for the Nitro JIT compiler.