Bug In iOS, OS X Allows AirDrop To Write Files Anywhere On File System

Trailrunner7 writes: There is a major vulnerability in a library in iOS and OS X that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog. Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices. If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device. In fact, an attacker can exploit the vulnerability even if the victim doesn't agree to accept the file sent over AirDrop.

Re:Apple defending shit

[U2xhc2hkb3QgU3Vja3M]

That's because Windows has complex security holes that require a lot of hacking. With this flaw, Apple clearly shows that hacking "just works" on their devices.

Re:The enabling technology, itself, is ridiculous.

[gmack]

Years of using slashdot would keep me from enabling such a function even without the security implications. I can imagine some troll sending tubgirl or goat.cx pics to anyone they can.