Monday, November 7, 2011

Apple boots security guru who exposed iPhone exploit

Security researcher Charlie Miller has been kicked out of Apple's developer programs, shortly after releasing initial findings about a security hole in the company's iOS software.

Miller announced the news on Twitter this afternoon, saying "OMG, Apple just kicked me out of the iOS Developer program. That's so rude!"

Earlier today Forbes' Andy Greenberg published a story featuring Miller, a well-known security researcher who focuses on Apple's products and services. Miller's latest discovery was a security hole in iOS that let applications fetch unsigned code from third-party servers and add it to an app even after the app has been approved and is live on Apple's App Store.

To test the flaw, Miller released a simple stock-checking app called InstaStock that could contact a remote server and fetch bits of code, demonstrating that the technique worked. As noted in our original coverage, such behavior is grounds for dismissal from Apple's developer program, as spelled out in Apple's App Store guidelines.

But as Apple notes in its letter to Miller (posted below), he violated sections 3.2 and 6.1 of Apple's iOS Developer Program License Agreement (a separate agreement), which respectively cover interfering with Apple's software and services, and hiding features from the company when submitting an app.

"I don't think they have ever done this to another researcher. Then again, no researcher has ever looked into the security of their App Store. And after this, I imagine no other ones ever will," Miller said in an email to CNET. "That is the actually bad news from their decision."

Apple did not immediately respond to a request for comment on the matter.

Miller has exposed numerous security flaws in Apple software over the years, one of his most high-profile discoveries being a hack for the mobile version of Safari in 2007, shortly after the first iPhone was released. In addition, he has been a fixture at the Pwn2Own security contest, where he has gained control of Apple's Mac OS X computers through the built-in Safari Web browser. More recently, Miller detailed that the low-level system software that ships on all of Apple's recent-model batteries was protected by the same two passwords, which theoretically would allow would-be attackers to disable the batteries given access to an administrator account.

In a tweet, Miller noted that he paid for his development accounts himself, even though the company gives such access to security researchers.

Source: news.cnet.com
