Most modern OSes do allow this (changing a page of memory from writable to executable, which just-in-time compilers depend on), to optimize performance. Apple's iOS blocks it, carving out an exception only for Mobile Safari, to optimize security. "If you allow for pages of memory to be escalated from writable to executable ... then you are enabling the execution of unsigned native code. It breaks the chain of trust. Allowing remote code to execute locally turns every locally exploitable security flaw into a remotely exploitable one."
And that, apparently, is exactly what Miller did. Miller not only realized Apple had created this exception for Mobile Safari, but he also uncovered what he called "this one weird little corner case" -- a bug -- where it was possible for a program other than the browser to use the exception as well.
Miller hasn't yet publicly revealed what the bug is. But he created a booby-trapped app, called Instastock, to demonstrate it. The app passed Apple's code inspection and was published on the App Store. (Yesterday, after Greenberg's story went live, it was removed.) On the surface, the app just listed stock tickers. But underneath, it connected to a server in Miller's St. Louis home. The device would pull down from that server, and execute, whatever code he chose to send. The accompanying video, made by Miller, shows the app reading files on an iPhone and making it vibrate.
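The mechanism the quote above describes, and the one Instastock relied on, is a process taking bytes it received at runtime, placing them in writable memory, and flipping that memory to executable. The following is an added example, not code from Miller, Apple, or this article, and it does not reproduce the undisclosed iOS bug: it shows the general writable-to-executable step on a POSIX system (Linux/x86-64 or Linux/aarch64), plus the self-check a practitioner would run to find out whether the platform they are on permits the transition at all. The "downloaded" bytes are constructed inline and merely return the constant 42; the function names are the example's own.

```c
/* Added example (not Miller's or Apple's code): what "escalating a page from
 * writable to executable" lets a program do, and a check for whether the
 * OS allows it.  The blob below is constructed for illustration only. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Constructed stand-in for bytes an app might fetch from its server:
 * machine code that returns 42 and nothing else.  Nobody signed or
 * inspected these bytes, which is the whole point of the quote above. */
#if defined(__x86_64__)
static const uint8_t kBlob[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00,   /* mov eax, 42 */
                                 0xc3 };                         /* ret         */
#elif defined(__aarch64__)
static const uint8_t kBlob[] = { 0x40, 0x05, 0x80, 0x52,         /* movz w0, #42 */
                                 0xc0, 0x03, 0x5f, 0xd6 };       /* ret          */
#else
static const uint8_t kBlob[] = { 0 };   /* no blob for this architecture */
#endif

/* 1 if this build carries a blob for the current architecture. */
int blob_supported(void) {
#if defined(__x86_64__) || defined(__aarch64__)
    return 1;
#else
    return 0;
#endif
}

/* Self-check: 1 if the kernel lets this process turn a writable page into
 * an executable one, 0 if it refuses (EACCES/EPERM under W^X enforcement,
 * which is what iOS does for everything but Safari), -1 on other errors. */
int wx_transition_allowed(void) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, ps, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    int rc = mprotect(p, ps, PROT_READ | PROT_EXEC);
    int err = errno;
    munmap(p, ps);
    if (rc == 0) return 1;
    return (err == EACCES || err == EPERM) ? 0 : -1;
}

/* The program's side: receive bytes, store them in a writable page, flip the
 * page to executable, jump to it.  Returns the blob's result (42), -1 if the
 * OS refused the writable->executable step, -2 if there is no blob here. */
int run_downloaded_blob(void) {
    if (!blob_supported()) return -2;
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, ps, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;

    memcpy(page, kBlob, sizeof kBlob);        /* the "download" lands in RW memory */

    /* The step code signing depends on forbidding: W -> X. */
    if (mprotect(page, ps, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, ps);
        return -1;
    }
    /* Flush the instruction cache so the CPU sees the new code (needed on ARM). */
    __builtin___clear_cache((char *)page, (char *)page + sizeof kBlob);

    int (*fn)(void);
    memcpy(&fn, &page, sizeof fn);            /* unsigned native code, now callable */
    int result = fn();
    munmap(page, ps);
    return result;
}

int main(void) {
    printf("writable->executable transition allowed: %d\n", wx_transition_allowed());
    printf("downloaded blob returned: %d\n", run_downloaded_blob());
    return 0;
}
```

On a stock Linux box the transition is allowed and the blob returns 42, which is exactly the outcome a platform that enforces W^X for unprivileged processes is designed to prevent: there, `mprotect` fails and the bytes stay inert data. The article's point is that Apple's exception for Safari, combined with the bug Miller found, put a non-browser app on the permissive side of that line.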
"Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check," Miller says, reported in the Forbes story. "With this bug, you can't be assured of anything you download from the App Store behaving nicely."
Apple apparently has not yet said anything publicly about the exploit or its implications.
John Cox covers wireless networking and mobile computing for Network World. Twitter: http://twitter.com/johnwcoxnww Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed