
Hold on here. Is Apple expected to know Charlie Miller is a "security guru", and even if they did, why should he be treated any differently? Security researchers should be held to the same standard as regular developers when reporting bugs/flaws.

RTM was convicted of a crime because of his curiosity, and here we have a security researcher who knowingly put users at risk. You ask me, Mr Miller got off lightly.



He did not put users at risk. This vulnerability allows apps to download and execute new code, but that new code is still subject to the app's sandbox. This vulnerability is interesting from a research standpoint, but has zero actual consequences to the security of iOS.


Not sure I agree with this. Less scrupulous developers might use this to download code that does things, even from a sandbox, that are bad for users. For example, it could download code that reports your usage habits to third parties, or saves your CC number.


Such developers will just compile the code into their apps. It's trivial to hide it from the reviewers.


Surely you don't think that having arbitrary code placed within the iOS App Store isn't a security risk, do you? Once malicious code has been approved in the store, an attacker need only find a way to break out of the sandbox, which I am sure is possible.


Reviewers check behavior, mostly not content. It's easy to hide code and activate it later. If you can break out of the sandbox, you don't need to download code to exploit that.


In his demo video, he shows a Metasploit interpreter downloading the address book. He mentioned it was a different payload, but I don't recall if he said it was a different application.

If it was the same app, then does that imply the sandbox for a stock market app allows access to the address book?


I don't believe address book access is gated in any way.


That's not how it's being explained in the popular press.

http://www.forbes.com/sites/andygreenberg/2011/11/07/iphone-...


Shocking that the popular press misstates anything tech.

Charlie is extremely well known in the security community. They know who he is. This isn't their first trip to the rodeo with Charlie.


Nowhere in that article do I see them state that the downloaded code is able to escape the sandbox. They certainly imply it pretty heavily, but I can only assume that's due to general cluelessness, or less charitably a desire to sensationalize the story.


Everyone at Apple who does security knows of Charlie Miller. The guy has a PhD and hacks Apple products and wins prizes and writes research papers, etc. If they don't know of him I'd be very surprised.


He's pretty well known because of his series of 0-day exploits at CanSecWest.


Indeed. When you think OS X and iOS security, Charlie Miller is the first name that comes to mind.



