tony-kaye-fanboy-old
Tony Kaye fanboy

Anybody seen XBMC running on this?

How can I state this clearly? You are wrong. Re-watch the video: at 2:28 he states he is delivering ANOTHER PAYLOAD. "This one is a bit worse," he says. It is obvious you are an idiot who likes to talk like he is informed when he has NO IDEA WHAT YOU ARE TALKING ABOUT.

My head just exploded, thank you.

There is nothing dangerous in that; many apps do what his does every day. It is basically a news reader. The exploit is entirely JavaScript based and is hosted on his server. And he did point it out to Apple weeks ago, but without a working exploit nobody would believe it could pass App Store approval.

No, the Rick Roll was the exploit. The exploit was only downloaded when the application was first run and he had his server running. This is not illegal anywhere. At all.

I may be wrong, but from what I read, the malicious code isn't stored in the app itself, it is delivered during first run from his server.

Rick rolling someone isn't illegal anywhere.

It depends on your definition of malicious. It played a YouTube video, and only under a very controlled circumstance (first run when his server was running); otherwise the app functions just as it should. There is no victim here, well maybe Apple's security image, but no "innocent" people were harmed.

He told Apple about it 3 weeks ago. The only thing that would have helped is Apple's image, but as a security researcher this kind of publicity is golden. As Apple knows good press coverage is much better than a paid ad.

The vetting process is part of the iOS security. It isn't a very good proof of concept if he couldn't prove that was flawed also. Of course he did it for attention, that is how he advertises his services. At least he responsibly reported it to Apple and didn't release the code.

he did

He reported it 3 weeks ago. [news.cnet.com] It could be patched in 5.0.1 already.

2010 was a good year and all, but its jokes are getting a bit stale.

To be fair, the App store approval process is a form of security so without it being approved it really isn't a "Proof of Concept." You know the people would just say that Apple's approval process wouldn't let it through.

No, it was just a proof of concept. When the "exploit" was launched it played a YouTube video, though it was capable of doing ANYTHING with the phone.

Doubtful. This is the same guy that always Pwns OS X in the Pwn to Own competition.

Google doesn't get paid for you searching. They get paid by DISPLAYING ads.

EVERYBODY SHOULD TYPE IN ALL CAPS.

I was going to say, I usually put the cheap beer in a tub and keep the good beer for the kegerator. Only my better friends know the kegerator is in my office.

Actually the wifi network info is quite helpful without being used in nefarious ways. If you are in range of a known wifi signal your relative location is quick and easy on the battery.