iPhone Exploit Puts App Store Security At Risk
A developer claims to have found a new exploit in the iPhone that may let App Store developers sneak dangerous code into their apps. With Apple-developed apps, an image called ‘Default.png’ is displayed while the app is launching, and can do anything from show the current date or display the contents of the app before it’s finished loading. App Store devs are limited to static ‘Default.png’ images, but dev Patrick Collison has found a way around this.
While it seems harmless enough, TechCrunch is guessing that it could be dangerous. The premise of the hack is that it tricks the iPhone into loading unsigned code by making it think it came from a “trusted” source. If the same technique could be applied to arbitrary code, a developer could run any code they want, including things that are not so nice.
It’s probably not likely that this has already been used in the App Store, so there’s no need to get paranoid about the apps you’re downloading, but Apple would probably be wise to fix this soon.
For those interested, Patrick posted details on the hack to his blog.