iPhone Security Flaw May Allow Apps to Execute Arbitrary Code, Bypass Approval

iPhone Security Flaw May Allow Apps to Execute Arbitrary Code, Bypass Approval

Developers of third-party iPhone Apps may have a way to circumvent Apple's iTunes App Store approval process for their updated Apps by executing arbitrary code from within their own applications whenever they choose to do so.

The newly discovered exploit reveals itself via a technique discovered by developer Patrick Collison and is documented on his blog. Essentially, Collison, discovered a workaround that allows for the display of dynamic default.png images. These images load whenever apps are launched on the iPhone. An Xcode Project demoing the exploit can be downloaded and a video demoing the exploit can be found on the blog.

Some developers believe that this feature would be of utility to programmers, others deem it a flaw because it can be used as an exploit to update and execute arbitrary code regardless of content whenever the developer chooses to do so.

How Apple decides to handle this issue remains to be seen. Since this flaw could be used by the developer to circumvent the App Store's approval process, the company may choose to close eliminate the dynamic-image functionality and hence close the hole.

Currently there is no evidence that any third party App has taken advantage of this exploit to run any malicious code.
About the author
 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
A roomy range from LG (pictures)
This plain GE range has all of the essentials (pictures)
Sony's 'Interview' heard 'round the world (pictures)
Google Lunar XPrize: Testing Astrobotic's rover on the rocks (pictures)
CNET's 15 favorite How Tos of 2014
CNET's 15 most popular How Tos of 2014