Miller, best known for his zero-day vulnerability discoveries in Apple products, found a way to plant a nefarious program in Apple's highly restrictive App Store.
He plans to reveal the method next week at the SysCan conference in Taiwan, according to Forbes, which first reported the news. His technique exploits a bug in Apple's iOS code-signing mechanism, which is meant to ensure that only Apple-approved code runs on an iPhone or iPad.
To demonstrate the issue, Miller created a proof-of-concept (PoC) app called “InstaStock,” which appears to be a benign stock-market program but is capable of communicating with a remote computer, downloading unapproved commands and harvesting information from the device. He then managed to trick Apple into approving the app for distribution in the App Store, a move the company said violated its terms of service.
“First, they give researchers access to developer programs… then they kick them out… for doing research. Me angry,” Miller, principal research consultant at security firm Accuvant, tweeted on Monday. He later admitted to violating Apple's terms of service, but said he likely has done so in the past.
“So why boot me now?” he asked.
The flaw allows apps in the App Store to download and run new code, even if the code is not signed by Apple, Miller explained in a YouTube video demonstrating the bug.
“So you could imagine downloading a nice app, like Angry Birds, but instead of just being Angry Birds it actually can download and do anything it wants, and Apple would have no idea that happened,” Miller said in the video.
A spokesperson from Apple did not immediately respond when contacted by SCMagazineUS.com.