A security expert has identified a vulnerability in Apple’s app store which hackers could exploit to steal data, send SMS messages or destroy user information.
One of major consumer draws Apple has is that it exercises control over its hardware, software and applications. Proving the system is vulnerable undermines the Apple philosophy.
But researcher Charlie Miller of Accuvant Labs tested a potential flaw by developing a malicious app that made it through the Apps store’s security undetected.
The app was a stock market monitoring tool called InstaStock. When downloaded it would establish a connection with his server enabling him to remotelymdownload any program he wants.
“Until now you could just download everything from the App Store and not worry about it being malicious. Now you have no idea what an app might do,” Miller told the Sydney Morning Herald.
Although Apple hasn’t commented on the issue, Miller did say “they are in the process of fixing it.”
So far there isn’t any evidence that indicate hackers have exploited the security loop-hole but Miller believes the App store could harbour malicious software.
He plans on presenting his detailed findings at the SyScan 2011 conference being held next week in Taiwan.