iPhone Security Flaw May Allow Apps to Execute Arbitrary Code, Bypass Approval

iPhone Security Flaw May Allow Apps to Execute Arbitrary Code, Bypass Approval

Developers of third-party iPhone Apps may have a way to circumvent Apple's iTunes App Store approval process for their updated Apps by executing arbitrary code from within their own applications whenever they choose to do so.

The newly discovered exploit reveals itself via a technique discovered by developer Patrick Collison and is documented on his blog. Essentially, Collison, discovered a workaround that allows for the display of dynamic default.png images. These images load whenever apps are launched on the iPhone. An Xcode Project demoing the exploit can be downloaded and a video demoing the exploit can be found on the blog.

Some developers believe that this feature would be of utility to programmers, others deem it a flaw because it can be used as an exploit to update and execute arbitrary code regardless of content whenever the developer chooses to do so.

How Apple decides to handle this issue remains to be seen. Since this flaw could be used by the developer to circumvent the App Store's approval process, the company may choose to close eliminate the dynamic-image functionality and hence close the hole.

Currently there is no evidence that any third party App has taken advantage of this exploit to run any malicious code.
Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Everything you can expect at Apple's Sept. 9th event

Apple is expected to throw the kitchen sink at us with new iPhones, iPads, a new Apple TV and MacBooks. We'll breakdown what you can expect to see.

by Brian Tong