Charlie Miller Kicked out of the Apple Developer Program
Written by Sean Kalinich
If the name Charlie Miller sounds familiar to you, it should. After all, he is one of the researchers who have consistently found bugs and holes in Apple’s vaunted security. He is also a very frequent winner of the Pwn2Own competition, where security experts and “hackers” alike compete to find the fastest way of breaking into a computer system. Charlie’s love for Apple and all of its devices has kept him in something of a love-hate relationship with the company for years, but recently things took a turn for the worse.
After discovering a flaw in Apple’s Mobile Safari that allowed the execution of unsigned code, Miller reported it to Apple. He did this on the 14th of October and never received any word back on it. To further demonstrate the seriousness (and apparent ease) of this new flaw, Miller submitted an app that had the malicious code packed inside. The app, which was disguised as a stock ticker, was approved by Apple and set up for distribution in the walled garden of the iTunes App Store. Miller was able to use the app to execute his code and take control of core functions of the phone.
For his troubles, Miller was unceremoniously dropped from the Apple Developer Program for violating the terms of the agreement (which he really did do). The problem with this type of action from Apple is that it makes them seem like they do not want to admit or address serious security issues inside their operating systems. Miller has sent off an email asking for clarification, stating: “I’m mad, I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder.”
Miller feels that this is one of the changes that are coming after the passing of Steve Jobs and the arrival of the new management. “I miss Steve Jobs,” he says. “He never kicked me out of anything.”
Source: Forbes