New iOS Code Signing Flaw ⇥

Jake Smith of 9 to 5 Mac:

Security expert Charlie Miller has found a flaw in code signing on iOS devices (via Forbes) that allows developers to sneak malware apps onto the App Store without Apple’s detection. The malware can then be used to read user’s contacts, make the phone vibrate or sound a ringtone, steal user’s photos, and more whenever the developer chooses.

In theory, this shouldn’t happen in a closed ecosystem such as that of the App Store. There have certainly been fewer incidences of malware as compared to a completely unregulated store (virtually none, as a matter of fact), but this is an enormous oversight on Apple’s part.