Hot-patching method melts security hole in Apple's App Store

A system that app developers use to bypass Apple’s time-consuming procedures in order to issue “hot-patching” to App Store apps has inadvertently spawned a serious security risk for iOS app users.

FireEye researchers warn that JSPatch – an open-source technology that’s used by app developers as an alternative to Apple’s arduous review process for patching apps – is vulnerable to exploitation.

Tricks uncovered by FireEye’s white hats might, in the wrong hands, become a tool for hackers to modify mobile services' status or (if taken further) to remotely access and exfiltrate personal photos from targeted iPhones or fondleslabs.

JSPatch allows hackers to “circumvent the protection imposed by the App Store review process” and remotely “change the state of the device”. The iOS Pasteboard, which allows people to copy and paste content between different iPhone apps, might be exploited through JSPatch to copy and export personal data from victimised iOS device, FireEye warns.

The snafu could be symptomatic of a wider class of vulnerabilities. FireEye says JSPatch is one of a class of new technologies to help developers speed up the process of “hot-patching” iOS apps that inadvertently allow hackers to bypass Apple’s “walled garden” around the App Store. Other such apps might throw up similar problems in future, FireEye warns.

A blog post by FireEye explaining the security issue in far greater depth can be found here. ®