New security flaw in iPhone discovered

Discussion in 'iPhone Discussion & Support' started by anupkm, Nov 30, 2008.

  1. anupkm

    anupkm Member

    Apr 2, 2008

    Recently a flaw in iPhone security is discovered that allows third party developers to update and execute arbitrary code from their applications at will. Normally, applications and their updates have to go through a lengthy review process before they’re posted to the App Store, in this stage Apple inspect the application to ensure that they don’t do anything malicious to the system.

    Recently the developers have discovered a mechanism that tricks :cool: the iPhone’s code signing mechanisms. Typically the iPhone’s API prevents developers from loading code in secured areas, but this trick/hack makes the iPhone believe that the code it is loading came from a “trusted” source. This would likely allow a developer to update and execute whatever code they’d like at will.

    But the good news is…. at present this trick is not being implemented by any apps on the store, so if Apple can fix things quickly before accepting any more applications, your iPhone shouldn’t be at risk.

    Source: TechCrunch