Apple sees off malicious app threat in iOS 5.0.1
Charlie Miller's discovery is addressed by Apple, but the researcher remains off the iOS developer programme.
Apple has closed off a flaw in iOS that allowed apps to get around code-signing rules on the App Store.
Charlie Miller uncovered the vulnerability affecting iPhones, iPods and iPads earlier this week, showing how it was possible to load an app up on to Apple's store and have it deploy malicious code.
His InstaStock app, which seemed to be a simple stock market application but actually watched over users and could steal data, managed to get on the App Store and exploit a bug in iOS.
A logic error existed in the mmap system call's checking of valid flag combinations. This issue may lead to a bypass of codesigning checks.
Miller was subsequently chucked off the iOS developer programme and the researcher claimed he was not to be allowed back for a year.
Apple has now released iOS 5.0.1, with a variety of fixes, including one covering up Miller's discovery.
"A logic error existed in the mmap system call's checking of valid flag combinations. This issue may lead to a bypass of codesigning checks," the Apple advisory read.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The update also included a fix for a software bug which was draining the battery of certain iPhones, according to reports. Apple promised a fix earlier this month after customers complained their iPhone 4S devices were losing power in just 12 hours. Overheating issues were also reported.
Apple has also fixed a flaw that allowed people to access data on the iPad 2 without having to enter a passcode.
"When a Smart Cover is opened while iPad 2 is confirming power off in the locked state, the iPad does not request a passcode," Apple said. "This allows some access to the iPad, but data protected by Data Protection is inaccessible and apps cannot be launched."
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.