Posted by: oldmacbloggit | November 8, 2011

iOS exploit: the Miller’s Tale

Sorry, but possibilities for exploiting the works of Chaucer for a blog title don’t come along very often. Charlie Miller, who has made something of a career of pushing the Apple envelope, has upset Cupertino by publishing a “sleeper app” on the App Store that demonstrated a vulnerability that could allow a malicious app author to download unsigned code from a remote server.

At next week’s SyScan conference in Taiwan, he plans to demonstrate a flaw in iOS 4.3 onwards that allows the Nitro JIT Compiler to “add dynamic, unsigned code to a process while running.” As he told Brian Prince at Security Week:

“The exception allows them to do Just-in-time compiling which will speed up the performance of any JavaScript engine. The drawback is it allows for unsigned code to run in this one case.”

John Gruber discussed the security implications of the Nitro JavaScript compiler earlier this year.

Characteristically, Apple has not only removed the app (understandable) but also removed Miller from its developer program. I understand the company’s annoyance, but for the sake of its customers’ security, can it really afford to take an “I’m not listening” stance towards a researcher who has given them advance warning on so many potentially problematic security issues?

Old Mac


  1. The pay might be too high for Apple if they don’t listen to warnings like these; the consumers also will be cautious when thinking of buying an Apple product if they feel vulnerable.

    • I’m not a fan of the “not listening!” model of vulnerability research response. But I can see that Apple was in an awkward spot here. The disclosure was dramatically attention-grabbing, but was it responsible and ethical? Should Apple have made an exception to their app store and developer policies because it was Charlie Miller?
