Slashdot Mirror


Bug In iOS, OS X Allows AirDrop To Write Files Anywhere On File System

Trailrunner7 writes: There is a major vulnerability in a library in iOS and OS X that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog. Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices. If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device. In fact, an attacker can exploit the vulnerability even if the victim doesn't agree to accept the file sent over AirDrop.

94 comments

  1. Not exactly new. by wiredog · · Score: 0

    This bug has been known for a year or so. Possibly more.

    1. Re:Not exactly new. by Anonymous Coward · · Score: 0

      The article you linked describes misuse of the feature as designed. Not a bug.

      The current issue requires some type of privilege escalation and is certainly a bug.

    2. Re:Not exactly new. by jedidiah · · Score: 1

      That sounds like a really weak attempt to come to the rescue of your favorite corporate brand.

      If it's a fundamental design bug, then it's still a bug.

      --
      A Pirate and a Puritan look the same on a balance sheet.
    3. Re:Not exactly new. by Anonymous Coward · · Score: 0

      How is pointing out an off-topic post a "weak attempt to come to the rescue" of Apple?

      I know this is slashdot but RTFA and RTFL and the difference should be obvious.

  2. The enabling technology, itself, is ridiculous. by Osiris+Ani · · Score: 5, Insightful

    Of course the bug is worrisome, but then, I consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw. Making one’s phone readily available to connections from random sources for the sole purpose of file drops doesn’t sound like something that should make the least bit of sense to even the average user.

    1. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 2, Insightful

      Except that's the only time it's useful.

      Anyone you actually know you can just email the file to and they can get at their leisure. The only time you'd ever use AirDrop is when sending or receiving stuff to or from people you don't have contact information for and who you don't want to share that info with.

    2. Re:The enabling technology, itself, is ridiculous. by Galaga88 · · Score: 4, Informative

      I think AirDrop defaults to contacts only, so that should mitigate most of the severity of this - thankfully.

      I've actually enabled AirDrop receiving requests from anybody on my iPhone (which I'm about to change) and have never gotten anything via it, unsolicited or otherwise. In fact, I'm the only person I've ever seen use AirDrop, and I had to tell the other person how to turn it on in each case.

    3. Re:The enabling technology, itself, is ridiculous. by Galaga88 · · Score: 1

      Maybe Apple should change the behavior of "accept from everybody." Make it so it only stays active for 15 minutes, and then goes back to contacts only. It'd be closer to Bluetooth discovery then.

    4. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 0

      > Except that's the only time it's useful.

      > Anyone you actually know you can just email the file to and they can get at their leisure. The only time you'd ever use AirDrop is when sending or receiving stuff to or from people you don't have contact information for and who you don't want to share that info with.

      I've used AirDrop a dozen or so times over the years and it's only been because email or other means wasn't an option. Files that were too large, available network too slow, no network at all (on an airplane), no email account (the family iPad has no email enabled on it), etc.

      It's a useful feature, but it shouldn't be considered a primary means of data transfer.

    5. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 3, Insightful

      > The only time you'd ever use AirDrop is when sending or receiving stuff to or from people you don't have contact information for and who you don't want to share that info with.

      So basically, “I don’t know you, or I don’t trust you enough to give you my contact information, but here-- put something onto my phone.”

      You’re lucky someone else beat you to it, because at least that makes your statement only the second-stupidest thing I’ve read today.

    6. Re:The enabling technology, itself, is ridiculous. by BitZtream · · Score: 4, Informative

      Considering that we're talking about signed apps that don't have the security warning, it also means the app can be traced to a specific individual or organization ... And that certificate can be blacklisted, effectively stopping the attack vector on a global scale, instantly. While directly identifying who to prosecute and seize funds from. Apple gives out the signed certs, you don't just generate a very and poof it's no longer warning anyone, it has to be signed by Apple (the cert, not the app on OSX).

      So while this is a concern ... It requires that you disable MULTIPLE security features and do several stupid things to intentionally give everyone access to your devices.

      Hope they fix it quickly in case this can be exploited in other actually scary ways, but this scares me less than Trojans on a jail broken phone ... And my phone isn't jail broken!

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    7. Re:The enabling technology, itself, is ridiculous. by DougOtto · · Score: 4, Insightful

      Um no. If you put your device in "fuck me mode" because you're worried about your privacy, you're doing it wrong. I don't blame you for posting AC, I wouldn't want to admit that asshattery either.

      --
      Solving Unix problems since 1989...
    8. Re:The enabling technology, itself, is ridiculous. by StikyPad · · Score: 2

      > I think AirDrop defaults to contacts only

      It prompts me each time I enable it from the swipe-up menu, at least on iOS 8.1.

    9. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 0

      > ... and have never gotten anything via it, unsolicited or otherwise. ...

      Given this bug, how can you know that?

    10. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 0

      > consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw.

      Unfortunately, the users are being accustomed to exactly that. With browsers, accepting executable content from random sources out there is, alas, "Standard Operating Procedure" and has been knighted as "HTML5, Teh Ultimate User Experience". So much so that browsers hide/disable once-common checkboxes to disable Javascript.

      Why should iOS be better?

    11. Re:The enabling technology, itself, is ridiculous. by Qzukk · · Score: 1

      > I consider the setting that allows it

      Is it the setting that allows it? Or does it work in the other settings too, but limited to just your "friends"? Now I'm tempted to see what kind of joke app I can throw together and get on my coworker's phone before Apple fixes this (of course, if I get my dev cert revoked by Apple that'd be bad, so I won't... but the temptation is there)

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    12. Re:The enabling technology, itself, is ridiculous. by StikyPad · · Score: 1

      It wouldn't be difficult to steal a signing key.

      Ok, it might be difficult, but it's certainly not impossible or unheard of. They've been found in GitHub repos, for example.

      If a malware app was installed without an icon, it could spread prolifically before anybody detected it and the signature could be revoked. Depending on the purpose, it might not need to survive very long anyway.

      If anyone actually used AirDrop, that is. I don't know anybody who does, or has it enabled. Most people just send photos via text or email, and share apps via links, if at all. The only time I've personally used it was in a location with poor cell service and no WiFi. I just turned it on in my office, and it didn't find anyone nearby either. YMMV...

    13. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 2, Interesting

      You know why Linux isn't the amazing success that Slashdotters think it should be? Because it's clear no one has ever interacted with real people, ever. Here, let me paint you a picture, I call it "literally the only time I've ever seen AirDrop used, ever."

      You're at a convention. There are people cosplaying. Two cosplayers who don't know each other but are cosplaying characters from the same show meet and do a pose and someone else takes a picture. The picture looks cool and one of the cosplayers says "ooo, send me that picture." Rather than exchange contact information, the picture taker AirDrops the picture onto the cosplayer's phone.

      And there you go, literally the only time I've ever seen anyone use AirDrop - to share a picture they just took with someone they didn't know and didn't want to share contact information with.

      AirDrop is only useful when, for whatever reason, you want to share some document of some form with someone you don't know and don't feel like setting up a "proper" channel to. Otherwise there's no reason to use it over email.

    14. Re:The enabling technology, itself, is ridiculous. by myowntrueself · · Score: 2, Insightful

      > Of course the bug is worrisome, but then, I consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw. Making one’s phone readily available to connections from random sources for the sole purpose of file drops doesn’t sound like something that should make the least bit of sense to even the average user.

      The thing is, the iOS device is supposed to have a secure filesystem so that applications can't even share data via the local filesystem. And you can't just plug an iPhone into a USB port and drop whatever files you want on it, as if it were a USB thumbdrive. So iDevice users have been lulled into this sense of security that they can open up some space on their phone/tablet/iwhatever and that can't be abused, because Apple is so amazingly good at security. Except they aren't so oops.

      --
      In the free world the media isn't government run; the government is media run.
    15. Re:The enabling technology, itself, is ridiculous. by Galaga88 · · Score: 4, Insightful

      Because I would have seen a prompt asking me to accept or decline a file. And I think it's safe to say that given the place I work and community in which I live, I have a better chance of having been killed in a traffic accident than somebody coming within AirDrop range and targeting me with an unpublished iOS vulnerability.

      Plus I just updated to iOS 9 which in all likelihood would have wiped out any nefarious stuff that had been installed by this mystery attacker-ninja.

    16. Re:The enabling technology, itself, is ridiculous. by gmack · · Score: 3, Funny

      Years of using slashdot would keep me from enabling such a function even without the security implications. I can imagine some troll sending tubgirl or goat.cx pics to anyone they can.

    17. Re:The enabling technology, itself, is ridiculous. by U2xhc2hkb3QgU3Vja3M · · Score: 1

      Pika! (as SFW as a cheerleader photo)

    18. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 1

      and this is why the rest of the world (Android, Windows Phone) is much better.

      You set up the connection by NFC, which requires you to put your phones in physical contact with one-another first -- then it sets up the network for file transfer.

      *Much* more private and secure. I remember when everyone was worried about NFC / Android Beam dropping files everywhere... for some reason (cough), this never was a security concern for the much more promiscuous I thingies.

    19. Re:The enabling technology, itself, is ridiculous. by phantomfive · · Score: 0

      > I think AirDrop defaults to contacts only, so that should mitigate most of the severity of this

      Melissa virus only spread through contacts.

      --
      "First they came for the slanderers and i said nothing."
    20. Re:The enabling technology, itself, is ridiculous. by 93+Escort+Wagon · · Score: 3, Interesting

      > Given this bug, how can you know that?

      If you'd read the article, you'd have seen that the way to bypass the authorization prompt was by "installing an enterprise provisioning profile on the device and marking it as trusted."

      Sounds to me like AirDrop is superfluous in this case. If my device has an enterprise provisioning profile, I believe that enterprise can already put whatever it wants on it.

      So, if anything, this sounds like a sandboxing issue (you can put files in arbitrary locations on the device) rather than an AirDrop issue.

      --
      #DeleteChrome
    21. Re:The enabling technology, itself, is ridiculous. by macs4all · · Score: 2

      > Of course the bug is worrisome, but then, I consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw. Making one’s phone readily available to connections from random sources for the sole purpose of file drops doesn’t sound like something that should make the least bit of sense to even the average user.

      Exactly.

      If this was a flaw in Android, all the Fandroids would be blaming the User. Bet they won't feel the same about Apple, though.

    22. Re:The enabling technology, itself, is ridiculous. by macs4all · · Score: 1

      > Maybe Apple should change the behavior of "accept from everybody." Make it so it only stays active for 15 minutes, and then goes back to contacts only. It'd be closer to Bluetooth discovery then.

      I agree that that would be a quick and dirty solution; but probably effective.

    23. Re:The enabling technology, itself, is ridiculous. by flink · · Score: 1

      > AirDrop is only useful when, for whatever reason, you want to share some document of some form with someone you don't know and don't feel like setting up a "proper" channel to. Otherwise there's no reason to use it over email.

      It's also useful when you want to share a largish video without down sampling it or going through the rigmarole of syncing the phone and copying the file between PCs. This is literally the only time I've used it: to exchange a video of our daughter with my wife.

    24. Re:The enabling technology, itself, is ridiculous. by macs4all · · Score: 1

      > because Apple is so amazingly good at security. Except they aren't so oops.

      Mighty haughty words, considering Android's "security" record.

    25. Re:The enabling technology, itself, is ridiculous. by Zaiff+Urgulbunger · · Score: 1

      You're forgetting that people are stupid.

    26. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 0

      Uh, why not just ask the person you don't have contact information for their email address and email them the file like you do your known contacts?

  3. Not bug, a jailbreaker (root ones phone) by Trax3001BBS · · Score: 1

    Use it or lose it.

    1. Re:Not bug, a jailbreaker (root ones phone) by Trax3001BBS · · Score: 1

      > Use it or lose it.

      I should mention I don't have an Apple phone, but would be trying to root it.

    2. Re:Not bug, a jailbreaker (root ones phone) by MtHuurne · · Score: 0

      The only difference between a jailbreak and a hostile exploit is the person using it.

    3. Re:Not bug, a jailbreaker (root ones phone) by Overzeetop · · Score: 2

      Which means that if it were a gun, every American would be allowed to jailbreak/root their phone by birthright and protected by the constitution.

      Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

      --
      Is it just my observation, or are there way too many stupid people in the world?
    4. Re:Not bug, a jailbreaker (root ones phone) by Anonymous Coward · · Score: 0

      And, ironically, in your leftist rant, you still managed to point out why, exactly, the 2nd amendment is the most important of them all.

    5. Re:Not bug, a jailbreaker (root ones phone) by macs4all · · Score: 1

      > Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

      Apple certainly doesn't notify law enforcement if it discovers your phone/tablet has been jailbroken; and many, many Android-Device OEMs take measures in an attempt to thwart casual "rooting" of their Devices, too.

      So, I'm not exactly sure why you are hating on Apple; because it seems like they are in line with the rest of the industry.

      Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but that is about it, I would guess. And I wouldn't be at all surprised if they don't explicitly endorse "Rooting", either.

    6. Re:Not bug, a jailbreaker (root ones phone) by Trax3001BBS · · Score: 1

      > Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

      > Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but that is about it, I would guess. And I wouldn't be at all surprised if they don't explicitly endorse "Rooting", either.

      That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

      No cite; I've looked before and can't find it now. Had a Xoom tablet (Motorola, Google) and came across that fact in my searches. It would have been a Moto though.

    7. Re:Not bug, a jailbreaker (root ones phone) by Trax3001BBS · · Score: 1

      > That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

      The only requirement was that Google Apps be included: wiki.rootzwiki.com/Google_Apps

    8. Re: Not bug, a jailbreaker (root ones phone) by Anonymous Coward · · Score: 0

      Oh yeh, I like the second amendment, it ensures a lot of Americans kill each other, no downside at all.

    9. Re:Not bug, a jailbreaker (root ones phone) by macs4all · · Score: 1

      > Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

      > Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but that is about it, I would guess. And I wouldn't be at all surprised if they don't explicitly endorse "Rooting", either.

      > That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

      > No cite; I've looked before and can't find it now. Had a Xoom tablet (Motorola, Google) and came across that fact in my searches. It would have been a Moto though.

      So, in other words, every single mobile OEM now has EXACTLY the same policy regarding rooting. So I NEVER want to see Apple singled-out on this topic, EVER AGAIN.

      The unfounded Apple hate around here is absolutely asinine.

    10. Re:Not bug, a jailbreaker (root ones phone) by Trax3001BBS · · Score: 1

      > Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

      > Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but that is about it, I would guess. And I wouldn't be at all surprised if they don't explicitly endorse "Rooting", either.

      > That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

      > No cite; I've looked before and can't find it now. Had a Xoom tablet (Motorola, Google) and came across that fact in my searches. It would have been a Moto though.

      > So, in other words, every single mobile OEM now has EXACTLY the same policy regarding rooting. So I NEVER want to see Apple singled-out on this topic, EVER AGAIN.

      > The unfounded Apple hate around here is absolutely asinine.

      The question was name any.

    11. Re:Not bug, a jailbreaker (root ones phone) by macs4all · · Score: 1

      > The question was name any.

      And by their own words, they could not. What is past, is past. But the truth is, at the present, there is not a single mobile OEM that embraces or encourages rooting a mobile device of their manufacture. And you know why? Because it almost universally results in a gaping security hole. Regardless of brand or platform.

      People just need to get it through their addled brains that, although smartphones are in some ways (a lot of ways) "little computers", the use case and the amount of personal information that walks around casually in people's pockets on their smartphones, data that is but one wrong download from being beamed to who-knows-where, makes the whole idea of circumventing ANY of the security measures on such devices utterly foolhardy.

      And apparently, every single mobile device OEM agrees.

      Face it. Sometimes manufacturers are not simply trying to work with the Gummint. Sometimes even Evil Corp isn't trying to fuck us all...

  4. Apple defending shit by kennycoder · · Score: 0

    I wonder why people would immediately bash on Windows and keep defending apple's crap. Somehow double standards here.

    --
    Fucking a fat girl is like riding a scooter... it's fun 'til someone sees you.
    1. Re:Apple defending shit by U2xhc2hkb3QgU3Vja3M · · Score: 5, Funny

      That's because Windows has complex security holes that require a lot of hacking. With this flaw, Apple clearly shows that hacking "just works" on their devices.

    2. Re:Apple defending shit by Anonymous Coward · · Score: 0

      > I wonder why people would immediately bash on Windows and keep defending apple's crap. Somehow double standards here.

      Who are "people?"

      Maybe you're engaging in selection bias. You're only noticing the people who defend Apple, and only noticing the people who bash Windows. There's plenty of people who do both, if you pay a little attention.

      In fact, considering there's only like 4 comments on the story at the time you posted this, it's not like anyone has even gotten a chance to do either.

      Hell, why do you even bring up Windows? This exploit is much more accessible on iDevices (who even knows AirDrop is a thing in OS X?) and their main competition is Android.

      (okay, enough engaging with trolls for the day.)

    3. Re:Apple defending shit by Anonymous Coward · · Score: 0

      It's inertia. Microsoft was never not shit, but Apple was actually pretty cool once. Well, it's time to admit: Apple has turned into shit too.

    4. Re:Apple defending shit by macs4all · · Score: 1

      > who even knows AirDrop is a thing in OS X?

      NOW who's engaging in Selection Bias?

      IIRC, AirDrop was available for OS X BEFORE it came out for iOS.

      Yep. AirDrop was available on OS X 10.7 (Lion), released on July 10, 2011, but not available on iOS until iOS 7, some two years later.

      Way to keep up with technology, 'tard!

  5. Yes... by koan · · Score: 0

    It's a bug, not yet another NSA/GCHQ backdoor that offers Apple "deniability" of their collusion with intelligence agencies.

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:Yes... by BitZtream · · Score: 1

      ... The NSA want to steal your data, not fill your drive up with software signed by Apple that can be traced directly back to a well documented person that Apple has communicated with financially on more than one occasion.

      You don't even know what this does, so just STFU

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    2. Re:Yes... by macs4all · · Score: 1

      > It's a bug, not yet another NSA/GCHQ backdoor that offers Apple "deniability" of their collusion with intelligence agencies.

      Citation, please!

    3. Re: Yes... by Anonymous Coward · · Score: 0

      Goto fail.

      No reasonable explanation. Patching error? Fuck off.

    4. Re: Yes... by macs4all · · Score: 1

      > Goto fail.

      > No reasonable explanation. Patching error? Fuck off.

      Spoken by someone who has never written a line of code, nor screwed up a cut and paste operation.

    5. Re: Yes... by Anonymous Coward · · Score: 0

      Show me the analysis of how a patch could allow the edits that were made and pass competent programmers' audits and test units.

      I'm not an experienced programmer. I've coded and patched before. I know when a patch happens with or without fuzz. I know to check your code and properly test it before check-in.

      I don't recall the site, but after it became public, I recall reading a more detailed opinion on how it would be difficult to fuck up a few times to allow this to happen.

      You're a fucking NSA/Apple shill. Did you look into it at all?

      This isn't the site with the patch analysis doubt, but:

      https://gotofail.com/faq.html

      Q: Do you think the bug was an accident?

      As others have said "if I wanted to backdoor Apple's SSL this is how I'd do it". It is hard for me to believe that the second "goto fail;" was inserted accidentally given that there were no other changes within a few lines of it. In my opinion, the bug is too easy to exploit for it to have been an NSA plant. My speculation is that someone put it in on purpose so they (or their buddy) could sell it.

    6. Re: Yes... by macs4all · · Score: 1

      > You're a fucking NSA/Apple shill. Did you look into it at all?

      LOL!!! You have NO idea how far both of those allegations are from the truth!

      Yes I have looked into it.

      The Internet is like the Bible: There are so many conflicting opinions, that you can prove ANY position. One site thinks that it is clear indication of purposeful sabotage; the next thinks that it is a cut and paste error; and the third site isn't sure, but says it's Apple, so it HAS to be evil.

      My honest opinion, if I had to guess, and as a person who has coded professionally for about four decades, was that someone intended to remove an "IF..." statement (now deleted) on the line just above the second "goto fail" line, and simply failed to remove the "goto fail". I've actually made that mistake myself, more than once. Not often, but it does happen. Combine that with a little "testing bias", and there is absolutely a very real chance that this was an honest coding mistake.
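      As an added illustration that is not part of this thread and is constructed rather than taken from Apple's SecureTransport source: the control-flow shape the two posts above argue about, where a second unconditional `goto fail;` skips the check that follows it, next to the fixed form and the negative test that tells the two apart (the error codes, step names and two-step "handshake" are made up).

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed example: a chain of verification steps in the "goto fail" style.
 * Not Apple's code; ERR_HASH/ERR_SIG and step() are stand-ins. */
enum { ERR_HASH = -1, ERR_SIG = -2 };

/* Stand-in for one verification step: 0 on success, `code` on failure. */
static int step(bool ok, int code)
{
    return ok ? 0 : code;
}

/* Vulnerable shape: the second goto is unconditional (the indentation only
 * makes it look guarded by the if above it), so err keeps the 0 returned by
 * the successful hash step and the signature step below is dead code. */
int verify_vulnerable(bool hash_ok, bool sig_ok)
{
    int err;
    if ((err = step(hash_ok, ERR_HASH)) != 0)
        goto fail;
        goto fail;                           /* duplicated line: always taken */
    if ((err = step(sig_ok, ERR_SIG)) != 0)  /* never reached */
        goto fail;
fail:
    return err;
}

/* Fixed shape: exactly one goto per check, every check reachable. With braces,
 * an accidental second copy of the goto would be unreachable rather than
 * silently unconditional. */
int verify_fixed(bool hash_ok, bool sig_ok)
{
    int err;
    if ((err = step(hash_ok, ERR_HASH)) != 0) {
        goto fail;
    }
    if ((err = step(sig_ok, ERR_SIG)) != 0) {
        goto fail;
    }
fail:
    return err;
}

/* The negative test that a suite exercising only the success path never runs:
 * does the verifier accept a handshake whose hash is fine but whose signature
 * is bad? Returns true when the verifier reports success (the bug). */
bool accepts_bad_signature(int (*verify)(bool, bool))
{
    return verify(true, false) == 0;
}

int main(void)
{
    printf("vulnerable accepts bad signature: %s\n",
           accepts_bad_signature(verify_vulnerable) ? "yes" : "no");
    printf("fixed accepts bad signature:      %s\n",
           accepts_bad_signature(verify_fixed) ? "yes" : "no");
    return 0;
}
```

      Both versions pass a "good handshake" test, which is the "testing bias" the post above describes; only the bad-signature case separates them.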

  6. I felt the same: "great minds think alike" by Anonymous Coward · · Score: 0

    See subject: This is a case of do NOT leave it open to "everyone so it just works" - & it should be the opposite.

    * In terms of Windows, I've always felt that YOU the user should be allowed to set up features YOURSELF - by that, I mean do NOT just "leave all services running by default" for example, but instead, during setup, allow YOU the user to be asked "Do you want REMOTE REGISTRY on, Yes, or No" for example (with an appropriate explanation of what the downsides MIGHT be should one make it active).

    Not just services either (which the less of them you run, you go faster, but also more than potentially more secure also by not leaving "doors open" @ all) but, also other features.

    APK

    P.S.=> In any event, this is the price of "it just works immediately outta the box" - potential security exploits as well as slowing you down performance-wise (especially running things by default you may NOT need or use @ all)... apk

    1. Re:I felt the same: "great minds think alike" by Anonymous Coward · · Score: 0

      I find having to ask the user "Do you want remote registry on?" a bit too advanced for the layperson. It should be defaulted to "No" when the user selects express setup, and put the question in the customize setup UI.

  7. Don't use Airdrop so no worries by Anonymous Coward · · Score: 0

    Don't use Airdrop so problem fixed. I'm not much in the Apple in general in terms of services and applications. Like the OS and the hardware. Not a fan of everything else. Apple generally get's in trouble with this stuff because they dumb down everything so it works. Thinking because it only connects to Apple devices it must be safe, right? Obviously the numbers of iOS devices makes them a better target now and hackers are finding exploits which many of us knew were always there just that nobody really cared. Android is still king simply because so many idiots jailbreak their Android devices and open themselves up to hackers. Apple is by far much less exposed, and the fix for this Airdrop exploit is the iOS 9 upgrade. So if you use Airdrop get iOS 9 soon.

    1. Re:Don't use Airdrop so no worries by Anonymous Coward · · Score: 0

      > and the fix for this Airdrop exploit is the iOS 9 upgrade. So if you use Airdrop get iOS 9 soon.

      Why not patch the current version? Especially for devices that are not covered by iOS9.

    2. Re:Don't use Airdrop so no worries by macs4all · · Score: 1

      > Obviously the numbers of IOS devices makes them a better target now

      Wait! I thought that Android was the big gorilla, and iOS was at 14% and shrinking fast.

      So which is it?

      You are just saying anything to make yourself sound intelligent. Which you obviously are not; since you can't even use an APOSTROPHE correctly. It's POSSESSIVE, not PLURALIZATION, FUCKTARD!

      Oh, and you might consider using a COMMA once in awhile, too.

    3. Re:Don't use Airdrop so no worries by 0123456 · · Score: 1

      > Why not patch the current version? Especially for devices that are not covered by iOS9.

      Is there a single device which is supported on 8.4 that isn't supported on 9?

      Correct me if I'm wrong, but, unlike Android's obsoleting devices every revision or two, I don't believe any device was obsoleted by iOS 9.

  8. Surprised they got it working by Anonymous Coward · · Score: 0

    I'm surprised they got Airdrop working at all.

    If you don't have the latest and greatest hardware at the time of release it won't work at all.
    That's the new "planned obsolescence" I guess.

    1. Re:Surprised they got it working by NMBob · · Score: 1

      Yeah, I was surprised by this article. I can hardly ever get it to write files anywhere -- even where it's supposed to.

  9. Users are now known as "her"? by Psychotria · · Score: 1

    If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device.

    What the fuck is wrong with using the word "their"?

    Although...

    Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices.

    Perhaps Mark Dowd is female. If so then... Hmm. Then... I dunno.

    Either way, there are a whole group of words that are not gender specific. Use them(!), and stop with this retarded "her" crap.

    Thanks.

    1. Re:Users are now known as "her"? by Anonymous Coward · · Score: 2

      Maybe because "their" is a plural and "a user" is a singular noun?

      Unlike some languages, English does not have a gender neutral singular possessive determiner applicable to humans. "Its" is still considered rude to use when referring to homo sapiens.

    2. Re:Users are now known as "her"? by Anonymous Coward · · Score: 1

      "Their" is plural. English has no neuter - using "their" as neuter is incorrect. Using "her" is trying to be politically correct. Using "his" would have been grammatically correct.

    3. Re:Users are now known as "her"? by Anonymous Coward · · Score: 0

      Feminazis don't care. You WILL Think Right.

    4. Re:Users are now known as "her"? by Psychotria · · Score: 1

      Since when is the word "their" plural?

      his, her, its — used with an indefinite third person singular antecedent

      (used after an indefinite singular antecedent in place of the definite masculine form his or the definite feminine form her)

      used to refer to one person in order to avoid saying "his or her": One of the students has left their book behind.

    5. Re:Users are now known as "her"? by Psychotria · · Score: 1

      Oh, by the way, it's not a noun.

    6. Re:Users are now known as "her"? by Psychotria · · Score: 0

      No, it's not plural. See above. Look up a dictionary. Read some books. Listen to some people speak.

    7. Re:Users are now known as "her"? by Psychotria · · Score: 0

      Let's look at this another way.

      Given the statement "That rock is owned by Roger", we can determine that the singular rock is owned by a singular person (Roger). Thus, if someone asked "Is that Roger's rock?" then the response "Yes it is theirs" is grammatically correct (and always has been).

      Similarly, given the statement "That rock is owned by the three women sitting on top of it", we can determine that the rock is owned by three women. Therefore, if someone asks the question "Who owns that rock?" we can say "It is theirs."

      Why am I adding an s to "their"? Because that's the plural of their. "Their" vs. "Theirs".

      Or, are you suggesting that there is a yet undefined part of the English language that magically adds a third type of plural. If that's the case then I guess the word "geeses" is ok.

    8. Re:Users are now known as "her"? by Anonymous Coward · · Score: 0

      Schle disagrees. They should have used "schler" in that sentence.

    9. Re:Users are now known as "her"? by Psychotria · · Score: 1

      Maybe this explains it better than I can: http://dictionary.cambridge.or...

    10. Re:Users are now known as "her"? by Anonymous Coward · · Score: 0

      What the fuck is wrong with using the word "their"?

      "Their" can also apply to EVIL WHITE MALES.

    11. Re:Users are now known as "her"? by laie_techie · · Score: 1

      Let's look at this another way.

      Given the statement "That rock is owned by Roger", we can determine that the singular rock is owned by a singular person (Roger). Thus, if someone asked "Is that Roger's rock?" then the response "Yes it is theirs" is grammatically correct (and always has been).

      Historically, their and theirs mean third person plural owners. In this politically correct age, these words are used when the gender and / or sex of the owner is not known. Since Roger is (most likely) male, the most correct answer would be Yes, it is his.

      Similarly, given the statement "That rock is owned by the three women sitting on top of it", we can determine that the rock is owned by three women. Therefore, if someone asks the question "Who owns that rock?" we can say "It is theirs."

      Third person plural owners have always been their or theirs; this has not changed due to political correctness.

      Why am I adding an s to "their"? Because that's the plural of their. "Their" vs. "Theirs".

      WRONG! You use theirs when you don't want to repeat the object. It is their rock (the rock belongs to them) vs It is theirs (It belongs to them). It's the same difference as my vs mine and your vs yours and our vs ours.

      Or, are you suggesting that there is a yet undefined part of the English language that magically adds a third type of plural. If that's the case then I guess the word "geeses" is ok.

    12. Re:Users are now known as "her"? by BronsCon · · Score: 1

      Even if we assume you are correct, an unknown person may be either male or female. Let's call them a quantum person, as they've yet to be observed; they're simultaneously male and female. In this instance, neither "he" nor "she" ("his", "hers", "him", "her", etc, you get the point) are appropriate. However, given the dual nature of the unknown individual, "they" (or "their") is correct.

      I'm just gonna let the fact that "'they' is correct" is also grammatically correct burn into your brain for a bit. Have a nice day.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    13. Re:Users are now known as "her"? by Anonymous Coward · · Score: 0

      If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device.

      What the fuck is wrong with using the word "their"?

      Well, it IS Apple, so it implies at least metrosexual, if not full-on homosexual, so "her" does fit gender-wise...

    14. Re:Users are now known as "her"? by 93+Escort+Wagon · · Score: 1

      Even if we assume you are correct, an unknown person may be either male or female. Let's call them a quantum person, as they've yet to be observed; they're simultaneously male and female. In this instance, neither "he" nor "she" ("his", "hers", "him", "her", etc, you get the point) are appropriate. However, given the dual nature of the unknown individual, "they" (or "their") is correct.

      There are a lot of words being spent here for the purpose of ignoring the standard rule in English where using a male pronoun is the correct way to refer to a person of unknown or undetermined gender.

      --
      #DeleteChrome
    15. Re:Users are now known as "her"? by BronsCon · · Score: 1

      Point me to a reference for that "standard" rule? Authoritative sources only, please.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    16. Re:Users are now known as "her"? by macs4all · · Score: 1

      Maybe because "their" is a plural and "a user" is a singular noun?

      Unlike some languages, English does not have a gender neutral singular possessive determiner applicable to humans. "Its" is still considered rude to use when referring to homo sapiens.

      Maybe because "their" is a plural and "a user" is a singular noun?

      Unlike some languages, English does not have a gender neutral singular possessive determiner applicable to humans. "Its" is still considered rude to use when referring to homo sapiens.

      I have to disagree with the grammar experts on this one. "Their", while not technically a singular possessive, is most assuredly less cumbersome than using "she or he" repeatedly (OMG, yuck!!!) or even worse, the non-word "S/he" or "Hir" (retch!!!).

      So, kind of like the word "sheep" or "deer", which can mean either singular or plural depending on context, or "Aloha" (yes, another language, but...) which can mean "Hello" or "Goodbye", again depending on context; I firmly believe that "their" SHOULD be acceptable as a gender-neutral possessive, with the "pluralness" derived from context (which is almost always easily done).

      That's exactly how language evolves. So, we either need to "grow" a reasonable gender-neutral singular possessive, or lighten up a bit regarding "their".

    17. Re:Users are now known as "her"? by macs4all · · Score: 1

      Since when is the word "their" plural?

      When the antecedent refers to a group, e.g. "The crowd showed their approval by setting themselves on fire."

      Yes, you can use "its" there, too; but English has many de facto synonyms and has a quite flexible syntax. That's why it is a wonderful language for poetry and lyrics.

      As a contrast, try and do a pun in German. I don't think it can be done; because it is "one word, one definition". Great for scientific texts; horrible for plays-on-words.

    18. Re:Users are now known as "her"? by BronsCon · · Score: 1

      Whenever I encounter someone who gets truly offended at the use of a gender-specific term, I start using a word I coined for just that scenario around them: hesheit. I usually get to say it once or twice before being asked what it is that I'm saying; shortly thereafter, "he" and "she" suddenly become acceptable again. Once, I had someone inquire as to why "he" came first in my coined term, insinuating that it was still sexist, so I pronounced the four possible permutations of the term not starting with "he" (sheheit, sheithe, itheshe, itshehe) and she replied with the remaining permutation (heitshe) before agreeing that I had, indeed, chosen correctly before requesting that I resume my use of "he" and "she".

      It's amazing how quickly people stop being offended by stupid shit as soon as you show them that the obvious alternatives are all much more offensive. And yes, "hesheit" is offensive; it's offensive to the tongue of the person saying it (though much less so than the other permutations), offensive to the person hearing it and, with a bit of imagination, can even be heard as other, more offensive, phrases. Once that's been considered, referring to an unidentified (to you) individual who the person you're speaking to happens to know is a woman as "he" becomes acceptable.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  10. To disable AirDrop by MAXOMENOS · · Score: 4, Informative

    To check whether it's disabled already, open a command prompt and run:

    defaults read com.apple.NetworkBrowser | grep DisableAirDrop

    If it returns DisableAirDrop = 1, then you should be fine. If it comes up blank, or if it shows DisableAirDrop = 0, then AirDrop is not disabled by default. In this case, run:

    defaults write com.apple.NetworkBrowser DisableAirDrop -bool YES

    You'll need to log out and log back in for the change to take effect.

    Reference: this Apple Forums thread
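The check-then-disable procedure from the comment above, wrapped into a small POSIX shell script. This is an added example, not code from the Slashdot post or from Apple: the `defaults` domain and key (`com.apple.NetworkBrowser`, `DisableAirDrop`) are the ones the comment gives, while the function names and the `check`/`disable` sub-commands are hypothetical. The parsing step is kept separate from the live `defaults` call so the interpretation of the output (value 1, value 0, or key missing, which the comment says also means AirDrop is not disabled) can be exercised on any machine.

```shell
#!/bin/sh
# Added example, not from the Slashdot post or from Apple: wraps the two
# `defaults` commands quoted in the comment into a check-then-disable routine
# for OS X. The preference domain and key come from the post; the function
# names and sub-commands are hypothetical.

DOMAIN="com.apple.NetworkBrowser"
KEY="DisableAirDrop"

# Interpret the text produced by
#   defaults read com.apple.NetworkBrowser | grep DisableAirDrop
# Prints one of: disabled | enabled | unset
# Pure text handling, so it can be exercised on any POSIX shell.
airdrop_state_from_defaults_output() {
    line=$(printf '%s\n' "$1" | grep "$KEY" | head -n 1)
    if [ -z "$line" ]; then
        # Key absent: per the comment, AirDrop is then NOT disabled by default.
        echo unset
        return 0
    fi
    # Pull the value out of a line shaped like "    DisableAirDrop = 1;"
    value=$(printf '%s' "$line" \
        | sed -n "s/.*$KEY[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p")
    case "$value" in
        1|YES|yes|true|TRUE) echo disabled ;;
        *) echo enabled ;;
    esac
}

# Query the live preference (OS X only). Empty output means the key is unset.
current_airdrop_state() {
    raw=$(defaults read "$DOMAIN" 2>/dev/null | grep "$KEY" || true)
    airdrop_state_from_defaults_output "$raw"
}

# Apply the fix from the comment when needed and remind about the re-login step.
ensure_airdrop_disabled() {
    state=$(current_airdrop_state)
    case "$state" in
        disabled)
            echo "AirDrop already disabled ($KEY = 1)."
            ;;
        enabled|unset)
            echo "AirDrop not disabled (state: $state); writing $KEY = YES."
            defaults write "$DOMAIN" "$KEY" -bool YES
            echo "Log out and log back in for the change to take effect."
            ;;
    esac
}

# Usage (on OS X):  sh airdrop_check.sh check   |   sh airdrop_check.sh disable
case "${1:-}" in
    check)   current_airdrop_state ;;
    disable) ensure_airdrop_disabled ;;
esac
```

As the reply below the post notes, this is a per-user OS X preference and does nothing on iOS; on an iOS device the AirDrop visibility setting in Control Center is the equivalent knob.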

    1. Re:To disable AirDrop by Anonymous Coward · · Score: 1

      So, do you need to be jailbroken to do this, and is it okay to use this exploit to jailbreak prior to closing the loophole?

    2. Re:To disable AirDrop by MAXOMENOS · · Score: 2

      Good point; I presume you're running OSX. If you're running iOS this won't work.

  11. Serious implications by Anonymous Coward · · Score: 1

    It does not matter if you have switched off airdrop or restricted its access to known contacts.
    At a border crossing an officer can take your locked device and push some nasty payload to it.
    Even a confirmation would be useless as it would be another guy pressing okay.

  12. Fair enough... apk by Anonymous Coward · · Score: 0

    See subject: An "express" vs. "custom" setup is a GOOD idea - point taken/agreed.

    APK

    1. Re:Fair enough... apk by Anonymous Coward · · Score: 0

      Too bad HOSTS are irrelevant in Windows 10. MS can bypass them at will. With these wonderful features being backported to 8 & 7, APK needs a new job.

  13. How much of this is... by unixisc · · Score: 1

    ...a kernel issue, rather than an issue w/ iOS or OS-X? Wouldn't they have to look at XNU and debug that?

  14. Stupidity is a Vulnerability Now? by sudon't · · Score: 1

    "If a user has AirDrop set to allow connections from anyone..."

    Ok, so you have a setup where people can push files at you, and if you allow anybody to do it, someone might drop a malicious file in your system? What about the fact that Apple allows you to leave your laptop unattended and unlocked, say, on the subway? A malicious person could take over your whole computer! That's a serious vulnerability, and proves that Macs are no safer than Windows machines.

    --
    -- sudon't

    Air-ride Equipped

  15. Re: The enabling technology, itself, is ridiculous by Anonymous Coward · · Score: 0

    You can enable airdrop on the lock screen by default. So even if you have it disabled, if an attacker has temporary physical access, they can re-enable it.

  16. Seriously? by Anonymous Coward · · Score: 0

    "Under normal circumstances, when the app is first installed on a new device, the device would throw up a dialog asking the user if she trusts the app. However, Dowd is able to suppress this prompt by installing an enterprise provisioning profile on the device and marking it as trusted."

    How are you going to install an enterprise provisioning profile onto the target device in the first place? Is that guy called Mark Dowd really a security researcher? Professionally? Not by hobby?

  17. Easily gotten around thus... apk by Anonymous Coward · · Score: 0

    TO REMOVE THE BOGUS OPTIONAL TELEMETRY HOTFIXES MANUALLY:

    Open command prompt
    Type powershell
    issue these commands

    ---

    TO SEE WHAT ONES ARE INSTALLED:

    get-hotfix -id KB3035583, KB2952664,KB2976978,KB3021917,KB3044374,KB2990214

    ---

    TO UNINSTALL THEM (these for sure, per url next below):

    wusa /uninstall /kb:3035583
    wusa /uninstall /kb:2952664
    wusa /uninstall /kb:2976978
    wusa /uninstall /kb:3021917
    wusa /uninstall /kb:3044374
    wusa /uninstall /kb:2990214

    per http://www.ghacks.net/2015/04/...

    ---

    DESCRIPTIONS OF EACH (these uninstalled properly):

    KB3068708 (Telemetry)
    KB3075249 (Telemetry)
    KB3080149 (Telemetry)

    KB3022345 (Telemetry)
    KB2977759 (Windows 10 Upgrade preparation)
    KB3021917 (Windows 10 Upgrade preparation + Telemetry)
    KB3035583 (Windows 10 upgrade preparation)

    ---

    I GOT "NOT INSTALLED ON THIS COMPUTER" ON THESE INITIALLY SINCE I HAD IE11 installed (PROBABLY ONES FOR IE9/10/11 &/or Windows 10 (I use Win7 here)):

    KB3075249
    KB3080149
    KB2505438
    * KB2670838 (See IE 9/10/11 notes below)
    KB3044374
    KB2990214 (Windows 10 Upgrade preparation)
    KB2505438 (Although it claims to fix performance issues, it often breaks fonts)
    KB2976978 (Windows 10 Upgrade preparation)

    ---

    I GOT "NOT INSTALLED ON THIS COMPUTER" ON THESE (*PRIOR* TO PULLING KB2670838):

    * KB2670838 (This update often breaks AERO on Windows 7 and makes some fonts on websites fuzzy. A Windows 7 specific update only)
                            (do not install IE10 or 11 otherwise it will be bundled with them, IE9 is the max version you should install to avoid this).

    THESE RE-APPEAR AFTER UNINSTALLING IE11 RIGHT ON RESTARTING & CHECKING WINDOWS UPDATE:

    * KB2952664 (Windows 10 Upgrade preparation prior to IE9/10/11 install)
    * KB3021917 (Windows 10 Upgrade preparation prior to IE9/10/11 install)
    * KB3068708 (Windows 10 Upgrade preparation prior to IE9/10/11 install)
    * KB3092627 (Windows 10 Upgrade preparation prior to IE9/10/11 install)

    ---

    run cmd as administrator

    sc stop Diagtrack
    sc delete Diagtrack

    ---

    *Task Scheduler Library:

    Everything under "Application Experience"
    Everything under "Autochk"
    Everything under "Customer Experience Improvement Program"
    Under "Disk Diagnostic" only the "Microsoft-Windows-DiskDiagnosticDataCollector"
    Under "Maintenance" "WinSAT"
    "Media Center" and click the "status" column, then select all non-disabled entries and disable them.

    *services.msc:

    "Remote Registry" to "Disabled" instead of "Manual".

    ---

    IMPORTANT ONE IS GROUP POLICY (gpedit.msc):

    Go to Control Panel, Administrative Templates, System
    Internet Communication Management, Internet Communication Settings

    ENABLE (to turn it on, it is a disabler)

    "Turn off Windows Customer Experience Improvement Program"

    (IF YOU HAVE Windows "home" (less than Pro models), export the section of the registry involved from a Pro system & merge the .reg file you exported - should work well enough to do the job here for those of you using that lesser model of Windows)

    APK

    P.S.=> ... And, "VOILA", my subject-line's true, & the Windows telemetry is GONE with the dawn, easily... apk