Would a researcher test malicious code on a live network? Isn't that what Miller is doing by submitting a "prototype malicious program" into the app store? Isn't there some other way he could have brought this to Apple's attention? Seems like grandstanding and attention-seeking to me.
Apple security expert finds apps-software bug:
A software flaw in Apple Inc's iPhones and iPads may allow hackers to build apps that secretly install programs to steal data, send text messages or destroy information, according to an expert on Apple device security.
Charlie Miller, a researcher with Accuvant Labs who identified the problem, built a prototype malicious program to test the flaw. He said Apple's App Store failed to identify the malicious program, which made it past the security vetting process.
(Via www.reuters.com)
No comments:
Post a Comment