Snappy newsletters. Simple Facebook sharing. Spirited comments. Sweet features are waiting… GET THEM NOW!

Apple Boots Developer Who Exposed Security Hole

Finding App Store bug costs Charlie Miller his license

By Rob Quinn, Newser Staff

Posted Nov 8, 2011 3:24 AM CST | Updated Nov 8, 2011 3:42 AM CST

(Newser) – Security guru Charlie Miller found himself kicked out of Apple's developer program just hours after he announced that he had found a major security flaw. Miller discovered a hole that allows iPhone and iPad applications to grab potentially malicious code from third-party servers even after they have been approved and gone live on the App Store, Forbes reports.

Miller, who has reported dozens of bugs to Apple over the years, tested the flaw with a stock-ticker app that won approval. The hidden features were grounds for ejection from the program, but Miller says his treatment is heavy-handed and counterproductive. "I don't think they've ever done this to another researcher. Then again, no researcher has ever looked into the security of their App Store. And after this, I imagine no other ones ever will," he tells CNET. "That is the really bad news from their decision."

[Images (1)]

[Quotes (1)]

"I didn’t have to report this bug. Some bad guy could have found it instead and developed real malware," Miller says. (Getty Images)

« Prev« Prev | Next »Next » Slideshow

I miss Steve Jobs. He never kicked me out of anything. - Charlie Miller

« Prev« Prev | Next »Next » Slideshow

CLICK BELOW TO VOTE

60%

13%

To report an error on this story, notify our editors.

OTHER STORIES ON OUR RADAR

Getty Images

Man Goes to Hospital For Kidney Stone...Leaves a Woman (Huff Post)

Is Chase Crawford Dating a Cougar? (Bleacher Report)

My Boss Walked in on Me Touching Myself, Now He Won't Stop Flirting (Slate)

7 Gross Celebrity Items Sold at Auction (The Week)

The Lowest-Rated Show on TV Is Actually Awesome (Slate)

Partner Links

Sponsor Links

A snapshot of the day's best news stories.

View Larger Grid

All Today Yesterday Pick a Date

COMMENTS

Read the comment policy

Showing 3 of 7 comments

pg13

Nov 8, 2011 11:38 AM CST

Charlie Miller the "guru" is guilty of self-promotion. Any developer who follows the IEEE Code of Ethics would first report the security hole to the company, not implement it and then broadcast a successful "security exploit" across the internet. Completely unethical and self serving.

JoeQ

Nov 8, 2011 10:26 AM CST

Wow, it's that easy? That's not exactly a minor security issue.

embersyc

Nov 8, 2011 6:47 AM CST

Apple must maintain the fanboys false sense of security at all costs.

What's Popular Now on Facebook

Japanese Artist Serves Up Own Cooked Genitals

Rape Conviction Cleared, Thanks to Facebook

Forbes (Source Grid »)
Forbes (Source Grid »)
CNET (Source Grid »)

Technology • Money

iPhone • Apple • malware • iPhone apps • App Store • online security • mobile malware • iPad • iPad apps • smartphone hacking • smartphone app

More Newser Stories

Apple Sued for Letting Our Apps Track Us

iPhone, iPad contain identifiers that can't be blocked: suit

(NEWSER) - Apple allows iPhone and iPad apps to send users' personal info to advertising networks without consent, according to a lawsuit filed last week. The suit says the gadgets contain identifying devices that let these networks track users' app downloads and usage, Bloomberg reports. Some apps also sell information like users' "location, age, gender, income, ethnicity, sexual orientation and political views" to advertisers, the suit alleges. More»

Apple Loosens Up on Apps

Restrictions lifted, guidelines published

(NEWSER) - Apple has done a U-turn and scrapped restrictions introduced earlier this year on what tools developers can use to build applications for the iPhone and iPad. Developers will now be allowed to use tools based on Adobe's Flash, and restrictions on other programming languages have been lifted, the Wall Street Journal reports. Shares in Adobe jumped after the news, though iPhone and iPad users still won't be able to access Flash-based content on the Internet. More»

Apple Considers 'Explicit' Section for Booted Apps

Developer-only category could mean restricted App Store area in future

(NEWSER) - Just days after Apple drew the wrath of the blogosphere for booting racy apps from its App Store, iPhone developers report a new “Explicit” category in its place. The move could mean the company is carving out a future place for some of the more than 5,000 programs it ditched, which, Mashable notes, was widely seen as a bid to soothe parents ahead of the iPad release. “Explicit” is not a category on the user side of the store yet, but could be an 18-and-over niche down the line. More»

Apps Can Snatch iPhone Photos, Too

Apple loophole makes photos vulnerable

(NEWSER) - It's not only contacts that can be snatched from your cellphone by apps—photos, too, can be yanked, thanks to an Apple loophole. Once a user allows an application on an iPhone, iPad, or iPod Touch to have access to location information—to launch a mapping function, for example— the app can copy the user’s entire photo library, unbeknownst to the user, reports the New York Times . But the Times notes that it's not clear if any App Store apps are actually uploading users' images. More»

Apple Cans App That Slams Its Supply Chain

Phone Story contains 'objectionable content,' Apple says

(NEWSER) - An app that takes a harsh look at the smartphone industry has been removed from Apple's App Store. Phone Story included four mini-games involving child labor in Africa, worker suicides in China, e-waste disposal in developing countries, and consumerism in the West. Apple says it banned the app for reasons including the depiction of child abuse and "excessively objectionable or crude content," although it appears to be the company itself that found the game's content objectionable, the Guardian notes. More»

NEWS FROM OUR PARTNERS

What is Newser?

Face it: there's too much news. At Newser, we choose the most thought-provoking and entertaining stories from hundreds of US and international sources and reduce them to a headline, picture, and two paragraphs. And we do it 24/7—you can come back morning, noon, night (and in between) for something new that matters. Read less, know more.

Learn more »

Partnering with: Slate

View Newser on the mobile website

Apple Boots Developer Who Exposed Security Hole

Finding App Store bug costs Charlie Miller his license

[Images (1)]

[Quotes (1)]

OTHER STORIES ON OUR RADAR

iPhone • Apple • malware • iPhone apps • App Store • online security • mobile malware • iPad • iPad apps • smartphone hacking • smartphone app

MOST POPULAR STORIES

[ By Views ]

[ By Comments ]

More Newser Stories

Apple Sued for Letting Our Apps Track Us

iPhone, iPad contain identifiers that can't be blocked: suit

Apple Loosens Up on Apps

Restrictions lifted, guidelines published

Apple Considers 'Explicit' Section for Booted Apps

Developer-only category could mean restricted App Store area in future

Apps Can Snatch iPhone Photos, Too

Apple loophole makes photos vulnerable

Apple Cans App That Slams Its Supply Chain

Phone Story contains 'objectionable content,' Apple says

About Us

Site

Community

Site Maps

Tools

More News

What is Newser?