Forbes has reported that security researcher Charlie Miller has released a video that shows one of Apple�s iPhones executing unsigned code. In simple terms, he has made the iPhone do things that Apple never authorized. What Miller did was make a simple stock checker app that he had approved with the App Store. Running this app in the normal way doesn�t do anything that it shouldn�t, but when Miller activates something on a server the app accesses he get access to the iPhone remotely and is able to launch apps, make the iPhone vibrate, browse the iPhone�s file system and even download the contents of the address book. This type of flaw could create a lot of nightmares for people.
Apple has since removed the app from the App Store and Miller has not released information on how this hack works. He is giving Apple the chance to plug the hole in iOS 5.0.1. He did however; state that the flaw is part of Nitro, a JavaScript engine added in iOS 4.3.
This information in the wrong hands could means that malicious users could get an app through Apple�s review process and then systematically steal data from people�s iPhones worldwide. Apple is working hard on their iOS 5.0.1 release where they are hoping to solve the current battery issues and we are sure they will be working on this security issue too.
Charlie Miller has released a video showing what he was able to achieve so if you want to know exactly what this security vulnerability could mean take a look below.