If your notion of the App Store review process was that Apple was conducting a line-by-line source code audit of submitted applications then, yes, this is a calamity of the highest order.
If, like a reasonable person, your notion of the App Store process was some Q&A, documentation, and background info on the developers themselves, so that Apple could go in and kill any application found to violate their policies, then this "flaw" doesn't mean anything.
Apple may very well fix the underlying problem, which is that signed code bundles can include symlinks to unprotected app data, which links are not followed during signature verification. Then again, they may not. Why would they care? If you abuse the "feature", they're just going to kill your app.
Don't forget, Apple managed to stick a tethering application on the App Store that John Gruber reports works just fine. If they're missing things that big, I doubt they're looking very carefully at the code.
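As an added example (not from any commenter in this thread, and not Apple's tooling), here is a check for the condition described above: symlinks inside a bundle whose targets resolve outside the bundle directory, so the content they point at is not part of the signed tree. The bundle layout and file names (`Sample.app`, `Documents/skin.png`) are constructed for the demonstration.

```python
import os
import tempfile


def escaping_symlinks(bundle_root):
    """Return sorted (link path relative to bundle, raw target) pairs for
    every symlink whose target resolves outside bundle_root."""
    root = os.path.realpath(bundle_root)
    findings = []
    # followlinks=False: report symlinked directories but never descend into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            raw = os.readlink(path)
            # Relative targets are resolved against the link's own directory;
            # realpath also collapses ".." and any chained links.
            resolved = os.path.realpath(os.path.join(dirpath, raw))
            if os.path.commonpath([root, resolved]) != root:
                findings.append((os.path.relpath(path, root), raw))
    return sorted(findings)


def build_sample(tmp):
    """Constructed sample: one link that stays inside the bundle and one
    that points at writable app data next to it."""
    bundle = os.path.join(tmp, "Sample.app")
    os.makedirs(os.path.join(bundle, "Resources"))
    os.makedirs(os.path.join(tmp, "Documents"))
    with open(os.path.join(bundle, "Resources", "logo.png"), "wb") as fh:
        fh.write(b"constructed")
    # Stays inside the bundle: not reported.
    os.symlink("Resources/logo.png", os.path.join(bundle, "icon.png"))
    # Leaves the bundle: reported.
    os.symlink("../../Documents/skin.png",
               os.path.join(bundle, "Resources", "skin.png"))
    return bundle


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return escaping_symlinks(build_sample(tmp))


if __name__ == "__main__":
    for link, target in demo():
        print(f"escapes bundle: {link} -> {target}")
```

A check like this fits a build pipeline or an audit of a third-party bundle; it reports where a link points, not whether the target's contents are benign.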
I guarantee you this article had zero impact on whether or not Apple removed this "feature". I'm also reasonably sure they'll fix the bug in short order.
I love how TechCrunch claims they discovered this flaw, when really it was Patrick Collison. The first thought several people I know had after reading his article was "hmm it works for images... I wonder if it works for code".
TechCrunch didn't even bother verifying their hypothesis.