iOS app bug leaves iPhones at risk from attack

An iPhone security flaw has been unearthed by former NSA analyst Charlie Miller, who says that the iOS bug leaves handsets open to malicious attack.

Apple is renowned for having an extremely tight app approval process, and for a long time now it has served it well in ensuring that any external software running on its prized operating system doesn't impact on the user experience or, indeed, place the user's info at risk.

However, due to recent changes made in the iOS 4.3 update last year  - Apple allowing javascript code to have more of an impact on the device's system - a bug in iOS has been created.

The bug would allow a malicious app to be downloaded, which could connect with remote servers, potentially being able to steal information such as contacts and photos.

"Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check," said Miller, "with this bug, you can’t be assured of anything you download from the App Store behaving nicely."

Miller had also planted a test app that was to show up the weakness, and was due to be revealed at the upcoming SysCan conference in Taiwan. Unfortunately for Miller Apple has revoked his developer licence and pulled his app from the App Store.

Miller is understandably miffed at being banned from the Developer programme, stating on Twitter:

"First they give researcher’s access to developer programs, (although I paid for mine) then they kick them out.. for doing research."

Expect Apple to patch this up with an update quick smart.