iOS Apps “Hot Patching” Update Puts Users At Risk


The recently adopted iOS JSPatch engine could potentially allow malicious developers to bypass Apple’s strict application review process and gain access to restricted iOS functions.


Today, an increasing number of iOS app developers use a technique that allows them to silently and remotely modify code in their apps without going through Apple’s review process, which opens the door to abuse and could lead to security risks for users.

Hot patching is a technique for silently and dynamically updating a system or application without restarting it or altering its current process. In this case, an iOS application is updated without the developer having to submit a new version to the official iOS App Store and wait for Apple’s review of the changes, which is generally considered a lengthy process.

This patching method comes from an open source project known as JSPatch, which provides an engine that app developers can integrate into their apps and that bridges JavaScript code to Objective-C, a programming language used by Apple’s iOS apps.
For example, after adding the JSPatch engine to an application, developers can configure the app to always load JavaScript code from a remote server that they control. This code is interpreted by the JSPatch engine and then converted into Objective-C.

The problem is that hot patching conflicts with the iOS security model, which partially draws its strength from Apple’s walled garden, the carefully controlled Apple App Store. Apple imposes some security-related restrictions on apps, and these are enforced through the review process. JSPatch allows developers to bypass such Apple policies.
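Because the JavaScript is fetched from a remote server after review, only the embedded engine is visible in the app package, so a reviewer can check for its presence. The following is an added example, not code from the article or from the JSPatch project: it scans an IPA archive for two indicators, the `JPEngine` class name and a `JSPatch.js` runtime file, both assumed from the open-source JSPatch project. The function names are hypothetical and the sample archive is constructed.

```python
import io
import zipfile

# Markers assumed from the open-source JSPatch project: its Objective-C
# engine class and the JavaScript runtime file it bundles.
MARKERS = {
    b"JPEngine": "JSPatch engine class name in a binary",
    b"JSPatch.js": "reference to the JSPatch JavaScript runtime",
}


def scan_ipa(ipa_bytes):
    """Return sorted (path, reason) findings for JSPatch indicators in an IPA."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for info in ipa.infolist():
            if info.is_dir() or not info.filename.startswith("Payload/"):
                continue
            name = info.filename.rsplit("/", 1)[-1]
            if name == "JSPatch.js":
                findings.add((info.filename, "bundled JSPatch JavaScript runtime"))
                continue
            data = ipa.read(info)
            for marker, reason in MARKERS.items():
                if marker in data:
                    findings.add((info.filename, reason))
    return sorted(findings)


def build_sample_ipa(with_jspatch):
    """Constructed sample: a tiny fake IPA, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", b"<plist></plist>")
        body = b"\x00_OBJC_CLASS_$_AppDelegate\x00"
        if with_jspatch:
            body += b"_OBJC_CLASS_$_JPEngine\x00JSPatch.js\x00"
            z.writestr("Payload/Demo.app/JSPatch.js", b"/* runtime */")
        z.writestr("Payload/Demo.app/Demo", body)
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean", False), ("hot-patched", True)):
        print(label, scan_ipa(build_sample_ipa(flag)))
```

Binaries downloaded from the App Store are encrypted, so this scan applies to decrypted or pre-submission builds. Plain string matching also misses an engine whose class or file names have been renamed.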
