As reported previously, serial Apple Mac cracker Charlie Miller has tapped a feature of Apple's portable operating system and created a proof-of-concept iPhone/iPad app that allows almost complete remote access to the device.
The gameplan was for former NSA analyst Charlie Miller – who has reportedly been ejected from the Apple developer corps for his trouble – to detail his findings at the SysCan security event in Taiwan this week.
The ticker app – which was removed from iTunes as news of Miller’s discovery broke earlier in the month - behaves like a remote access trojan (RAT).
Last Thursday saw iTunes users auto-offered an update to iOS5 that fixes a number of security issues.
According to Kaspersky Lab's ThreatPost newswire, Miller’s discovery centred on a logic error in the memory map system call's validation `memory flag’ combinations that effectively allowed applications to bypass Apple’s code-signing checks.
“The patch on Thursday also fixed another widely publicized iPad passcode flaw linked to the attached Smart Cover. That security hole allowed users access to the content of a given device without first requiring them to enter a passcode”, says the newswire.
Other problems solved with the patch for potentially malformed URLs and a memory issue with CoreGraphics' FreeType that could – in certain circumstances – allow malware on to the Apple portable device.
ThreatPost also reports that the iOS 5 updated revoked DigiCert Malaysia’s trusted root certificate status and solved a flaw in libinfo that could lead to the disclosure of sensitive information when visiting a maliciously crafted website.