If you’ve thought about developing apps and tweaks for Apple’s iOS devices, but the idea of the company’s App Store approval process puts you off, then maybe it’s time to avoid that with The iOS Hacker’s Handbook. Written by a team of Mac and iOS security experts — including some prominent members of the jailbreaking community — this book promises to teach you all about the vulnerabilities and exploits in the iOS firmware.
A couple of days ago, security researcher Charlie Miller discovered a doozy of a bug in iOS 5’s Nitro Javascript engine that allowed any app to remotely download and execute malicious, system-level code on an iPhone.
While most of the aspects of this bug may seem pretty dire for users of Apple devices, especially those who can’t even trust App Store apps anymore, it is great news for jailbreakers. In fact, Miller’s bug may lead to a proper, untethered iOS 5 jailbreak for all iDevices, including the iPad 2 and new iPhone 4S.
We told you a couple of hours ago about security guru Charlie Miller’s new iOS vulnerability that allows an approved App Store app to run unsigned code remotely. Miller has been hacking Apple’s products for years, and this most recent bug is a particularly nefarious exploit that could be used for all kinds of evil purposes.
Charlie Miller is one of the good guys, however, and he is planning to show his cards at the SysCan conference in Taiwan next week. The ends don’t always justify the means in this case, as Apple has now kicked Miller out of the App Store and iOS Developer Program.
When it comes to Mac hacking, there are few security experts more dangerous than Charlie Miller, who can hack a Mac in mere seconds. Luckily, Miller only uses his hacking powers for the forces of good, so his hacks often lead to more secure systems for you and me.
Let’s hope that’s the case for the latest vulnerability Miller identified for the iOS platform. He has discovered a huge bug in iOS that allows malicious devs to write innocuous looking apps that slip by the App Store review process, only to phone home to a remote computer and repurpose all of iOS’s normal functions for malicious ends.
