AAPL Stock: 117.81 ( -0.22 )

Printed from

Apple boots iOS exploit finder from developer program

updated 10:20 pm EST, Mon November 7, 2011

Apple drops Charlie Miller as dev after finding

Well-known Accuvant security researcher Charlie Miller said he had been ejected from the iOS developer program just hours after discovering a remote control app exploit. Apple didn't explain the reasons why, although the test app, Instastock, had been published to the App Store and would have violated Apple's rules. Miller warned that Apple might have let the app go by without the media attention.

"For the record, without a real app in the App Store, people would say Apple wouldn't approve an app that took advantage of this flaw," he said.

Miller, well-known for hacking iOS devices to reveal exploits at Pwn2Own and other contests, had taken advantage of iOS JavaScript changes since 4.3 to show what could be done just by using the web. The app could successfully take messages, photos, and other content.

by MacNN Staff



  1. lamewing

    Joined: Dec 1969



    This guy is a moron. I give him credit for finding a reporting bugs to Apple, but to most recent method he used of hiding code in an app just to prove the existence of a bug goes against his agreement with Apple. And now he complains and says he's angry with Apple. Seems pretty self-entitled to me.

  1. lockhartt

    Joined: Dec 1969



    Sneaking malicious code into an app isn't exactly a bug. Anybody can do that... it's just generally considered stupid to do so because it all traces back to you. People who want to run malicious code don't usually create a legitimate app to do so, at least not on iOS where sufficient documentation is required to verify identity, etc. On Android; however, it's ridiculously easy to create and post a malicious app. Let's see what kind of "bugs" he can find there :)

  1. facebook_Pete

    Via Facebook

    Joined: Nov 2011


    Idiocy at its grandest..

    The guy find s a hole in the java engine of Nitro and decides to sneak an app that contains the exploit that then executes the malicious code. Then tells a bunch of his friends on Twitter what he has done then tells Apple. Then he says " I won't release the exploit until Apple fixes it" when he has already told a bunch of folks on Twitter and says he plans to put it into the Siri Port when its released along with a kernel exploit after a jailbreak is made stabled for untethered. What does this tell you about this guy and he's all smiley in this dam picture? Sigh.

  1. DerekMorr

    Joined: Dec 1969


    double standard?

    So let me see -- when malware occassionally slips into the Android Market, the comment threads light up slamming Android for being a poorly designed cesspool of insecurity.

    When malware slips into the App Store, the response is to call the author an idiot.

    Double standard much?

  1. testudo

    Joined: Dec 1969


    he's right

    If he just reported the bug or others made it public, the fanboys would just argue it was immaterial since it couldn't be exploited by anyone since the appstore would reject anything with that so the only ones with issues would be jailbreakers and that's what they get, yadda, yadda, yadda.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented