Miller is set to present his method that exploits a flaw in Apple’s code restrictions when it comes to code signing on iOS devices at the SysCan conference in Taiwan next week. The use of his method resulted in Miller planting a sleeper app in Apple’s App Store in order to demonstrate the trick. To put it in a nutshell, an app is able to phone home to a remote computer which will then download new unapproved commands onto the device. These commands can then be executed at will – where some of the more heart-stopping aspects include accessing one’s collection of photos, going through the contact list, making the phone vibrate, or even vibrating the phone at will. Isn’t that spooky? Check out a video of the vulnerability below, and we do hope that a fix is in line soon.
. Read more about