On his blog, Elie claims that by abusing the system he can carry out a range of attacks, including:
– Password stealing: Trick the user into disclosing his or her password by using the application update notification mechanism to insert a fake prompt when the App Store is launched.
– App swapping: Force the user to install/buy the attacker’s app of choice instead of the one the user intended to install/buy. It is possible to swap a free app with a paid app.
– App fake upgrade: Trick the user into installing/buying the attacker’s app of choice by inserting fake app upgrades, or manipulating existing app upgrades.
– Preventing application installation: Prevent the user from installing/upgrading applications either by stripping the app out of the market or tricking the app into believing it is already installed.
– Privacy leak: The App Store application update mechanism discloses in the clear the list of the applications installed on the device.
This post was originally published on Elie Bursztein’s blog.