Apple Inc.'s iPhone App Store is not as airtight as many believe, according to a researcher who managed to get a malware app through Apple's vetting process as a proof of concept.

The malicious app, called "Instastock," masqueraded as a stock-ticker app and has been available on the app store since September, Computerworld reported Tuesday. This app was able to connect to a server to download a file that could, in theory, steal sensitive data from the phone or access its camera and microphone.

Apple allows the iPhone to only run code that has been previously approved, but there is one exception to that rule, the article said. The exception is for Safari, the iPhone's built-in Web browser, which is able to run unapproved code to speed up websites that use Javascript.

The researcher, Charlie Miller, found that it is possible for a developer to trick the iPhone into thinking the malicious app is Safari, thus invoking the exception that allows it to run rogue code, the article said.