By John Gruber
His app, which Apple allowed (but has, in the hours since Miller published this video, removed) onto the App Store, demonstrated a vulnerability where an app could download unsigned (and thus potentially unsafe) executable code from a remote server. No exact details on the bug until Miller gives a talk revealing it next week, but Andy Greenberg at Forbes has more info:
Miller became suspicious of a possible flaw in the code signing of Apple’s mobile devices with the release of iOS 4.3 early last year. To increase the speed of the phone’s browser, Miller noticed, Apple allowed JavaScript code from the Web to run on a much deeper level in the device’s memory than it had in previous versions of the operating system. In fact, he realized, the browser’s speed increase had forced Apple to create an exception for the browser to run unapproved code in a region of the device’s memory, which until then had been impossible. (Apple uses other security restrictions to prevent untrusted websites from using that exception to take control of the phone.)
The researcher soon dug up a bug that allowed him to expand that code-running exception to any application he’d like. “Apple runs all these checks to make sure only the browser can use the exception,” he says. “But in this one weird little corner case, it’s possible. And then you don’t have to worry about code-signing any more at all.”
That’s the Nitro JavaScript engine, which is faster because it uses JIT compilation, but is less secure for the same reason. I wrote about the security implications of Nitro back in March.
Also: Apple has kicked Miller out of the iOS developer program.
“Smart Actions” seem pretty cool. Neat idea.
The iPad 2 lost in the first round to the Asus Eee Pad Slider, but the winner was the Lenovo ThinkPad Tablet. It’s like a tablet contest from Bizarro World — last year’s Tablet World Series winner was the BlackBerry PlayBook. (Via The Macalope.)
Apple, in a legal response to HTC:
Apple denies that its correct name is Apple, Inc. The correct name of Respondent is Apple Inc.
“Cormac McCarthy” reviews the Apple Store for Yelp:
I figured he worked there so I asked him what the line was all about. What were all these people waitin for. He told me it was for a apple phone or some such. I said dont these folks have telephones already? He told me they all had apple phones but it was the older one. I asked him what would happen to the old apple phones.
Whole site is brilliant. Don’t miss this one. (Via Matt Killmon.)
Horace Dediu:
My hypothesis is that The Primary Cause for the shift of profits from Incumbents to Entrants has been the disruptive impact of a new input method.
You look at where the profits have gone, and numbers 1, 2, and 3 are Apple, Samsung, and HTC.
Christian Annyas surveys 70 years of Chevy speedometer design. Those horizontal ones from the ’60s and ’70s are dreadful.
Things like this give me the urge to get old Macs out of the closet.
Android is winning!