iOS Apps “Hot Patching” Update Puts Users At Risk
JSPatch, which has recently come into use on iOS, could potentially allow malicious developers to bypass Apple’s strict application review process and gain access to restricted iOS functions.
Today, an increasing number of iOS applications use a technique that allows their developers to silently and remotely modify code in the apps without going through Apple’s review process, opening the door to abuse and potentially creating security risks for users.
Hot patching is a technique for silently and dynamically updating a system or application without restarting it or altering its current process. In this case, an iOS application is updated without the developer having to submit a new version to the official iOS App Store and wait for Apple to review the changes, which is generally considered a lengthy process.
The problem is that hot patching is at odds with the iOS security model, which partially draws its strength from Apple’s walled garden, the carefully controlled App Store. Apple imposes some security-related restrictions on apps, and these are enforced through the review process. JSPatch allows developers to bypass such Apple policies.