Interesting iPhone Security Article

0 views
Skip to first unread message

Justin Etheredge

unread,
Nov 11, 2011, 12:48:54 PM11/11/11
to Richmond Software Craftsmanship Group
I remember a meeting we had a while back, where we were discussing
Mono on the iPhone and we talked about the limitations due to Apple's
rules around emitting and executing arbitrary code on iOS. The topic
also drifted to JavaScript running much more slowly in applications
than it did in the browser, due to Apple only running its new
JavaScript engine in the browser (in iOS 4.1). There was discussion
about how Apple had done this to purposefully cripple JavaScript in
apps due to it wanting people to develop native apps, but it was
quickly pointed out that this was done for security reasons, since the
new JS engine would force Apple to allow arbitrary code execution in
the same process as a native app.

Well, to make a long story short, I thought people would be interested
to hear that the recent remote code exploit discovered in iOS 5 (which
now runs the new JS engine everywhere) involves the new JS engine
allowing remotely downloaded code to be executed. The developer has
not released details of the exploit yet, but this article has a video
of him running the exploit in a dummy app he created:

http://www.forbes.com/sites/andygreenberg/2011/11/07/iphone-security-bug-lets-innocent-looking-apps-go-bad/

Kevin Hazzard

unread,
Nov 11, 2011, 1:27:05 PM11/11/11
to rs...@googlegroups.com
Wow. And those asses revoked his developer privileges? They should hire the guy.
 
Thanks,
 
LKevin


--
You received this message because you are subscribed to the Google Groups "Richmond Software Craftsmanship Group" group.
To post to this group, send email to RS...@googlegroups.com.
To unsubscribe from this group, send email to RSCG+uns...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/RSCG?hl=en.




--
W. Kevin Hazzard
Consultant, Author, Teacher, Microsoft MVP

Tobias O'Leary

unread,
Nov 11, 2011, 3:20:09 PM11/11/11
to rs...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages