iPhone Exploit Undermines App Store Security, Lets Devs Update And Run Arbitrary Code
November 11, 2008 at 14:19 PM EST
We have stumbled across a severe flaw in iPhone security that allows third-party developers to update and execute arbitrary code from their applications at will, totally circumventing Apple's App Store approval process. Normally, applications (and all of their updates) have to go through a lengthy review process before they're posted to the App Store, as Apple combs through them to ensure they don't do anything malicious or otherwise violate its Terms of Service. This exploit may give developers free rein.

The exploit stems from a benign trick that would otherwise seem trivial to most iPhone users. Whenever you launch an iPhone application, an image called 'Default.png' is briefly displayed while the app loads in the background. Applications developed in-house by Apple are able to use dynamic 'Default.png' images, which can be modified to do a number of things, like show the current date or display the contents of the app before it's done loading. Until now, third-party developers have been stuck with static 'Default.png' images that could not be changed after the app had been installed. To get around the restriction, developer Patrick Collison figured out a workaround that tricks the iPhone's code signing mechanisms into giving devs access to these dynamic launch images.