Apple fixed a serious bug in the iPhone and the iPad, which allowed hackers to introduce into the application the secret "load", which is not confirmed officially.
On Tuesday Charlie Miller, a researcher of the company for security Accuvant, removed from the list of developers iOS after he demonstrated the danger which may cause the vulnerability. Annex Miller InstaStock, added to the store applications in September, was a simple program tracking the prices of goods of different companies. But, as it turned out in fact, the application outperformed the protective mechanisms of the iOS devices that block any application that had not been approved by Apple.
As a result of InstaStock allowed Miller, one of the co-authors of the "Reference book hacker Mac", secretly monitor all who have installed the application on your device. A few hours after he revealed the hidden meaning of your application - as well as of a bug, with the help of which and managed to make this operation - manual Apple decided to suspend him from work in a team of developers. Thus Apple deprived him of his rights on the testing of new products prior to their official release.
On Tuesday, after 48 hours after Miller told about the threat, the developers of Apple corrected a defect in the safety iOS 5.0.1.
"A logic error was discovered in the mmap in the system of test combinations of flags", - stated in the recommendation. "Vulnerability could allow to bypass validation of digital signatures". There was this vulnerability since the time of the issue of iOS 4.3.
Miller was able to bypass check the digital signature after he found an exception in iOS 4.3, which provided the opportunity to install unsigned applications on the iPhone and iPad. This exception was made for improvement of the Safari browser, allowing him just-in-time compilation.
The update package iOS contained a fix for the other four threats, including the vulnerability, which allows to unlock the iPad 2 without entering any passwords.
Related posts:
.png)