Bug In iOS, OS X Allows AirDrop To Write Files Anywhere On File System
Trailrunner7 writes: There is a major vulnerability in a library in iOS and OS X that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog. Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices. If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device. In fact, an attacker can exploit the vulnerability even if the victim doesn't agree to accept the file sent over AirDrop.
I think AirDrop defaults to contacts only, so that should mitigate most of the severity of this - thankfully.
I've actually enabled AirDrop receiving requests from anybody on my iPhone (which I'm about to change) and have never gotten anything via it, unsolicited or otherwise. In fact, I'm the only person I've ever seen use AirDrop, and I had to tell the other person how to turn it on in each case.
Considering that we're talking about signed apps that don't have the security warning, it also means the app can be traced to a specific individual or organization ... And that certificate can be blacklisted effectively stopping the attack vector on a global scale, instantly. While directly identifying who to prosecute and seize funds from. Apple gives out the signed certs, you don't just generate a very and poof it's no longer warning anyone, it has to be signed by Apple (the cert, not the app on OSX).
So while this is a concern ... It requires that you disable MULTIPLE security features and do several stupid things to intentionally give everyone access to your devices.
Hope they fix it quickly in case this can be exploited in other actually scary ways, but this scares me less than Trojans on a jail broken phone ... And my phone isn't jail broken!
To check whether it's disabled already, open a command prompt and run:
defaults read com.apple.NetworkBrowser | grep DisableAirDrop
If it returns DisableAirDrop = 1, then you should be fine. If it comes up blank, or if it shows DisableAirDrop = 0, then AirDrop is not disabled by default. In this case, run:
defaults write com.apple.NetworkBrowser DisableAirDrop -bool YES
You'll need to log out and log back in for the change to take effect.
references: this Apple Forums thread
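The check in the comment above can be scripted for auditing several Macs. This is an added example, not part of the original comment; the function names and the sample outputs (including the look-alike key DisableAirDropLegacy) are constructed for illustration. It matches the exact key, which a plain grep for DisableAirDrop does not, and treats a missing key as its own state.

```shell
#!/bin/sh
# Classify the AirDrop preference from the text printed by
#   defaults read com.apple.NetworkBrowser
# Prints one of: disabled | enabled | unset | unknown
airdrop_state() {
    # $1: output of `defaults read` (empty if the domain or key is absent)
    value=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*"\{0,1\}DisableAirDrop"\{0,1\}[[:space:]]*=[[:space:]]*\([^;[:space:]]*\);\{0,1\}[[:space:]]*$/\1/p' |
        head -n 1)
    case "$value" in
        1)  echo disabled ;;   # DisableAirDrop = 1
        0)  echo enabled ;;    # DisableAirDrop = 0
        "") echo unset ;;      # "comes up blank"
        *)  echo unknown ;;    # unexpected value, inspect by hand
    esac
}

# Run the real check on a Mac; returns 0 only when AirDrop is disabled.
audit_airdrop() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults not found (not a Mac?)" >&2
        return 2
    fi
    # A missing domain makes `defaults read` fail; treat that as unset.
    out=$(defaults read com.apple.NetworkBrowser 2>/dev/null) || out=""
    state=$(airdrop_state "$out")
    echo "AirDrop preference: $state"
    [ "$state" = disabled ]
}

# Constructed sample outputs so the parser can be exercised offline.
SAMPLE_DISABLED='{
    BrowseAllInterfaces = 1;
    DisableAirDrop = 1;
}'
SAMPLE_ENABLED='{
    DisableAirDrop = 0;
}'
# Constructed look-alike key: grep would match it, the exact-key parser must not.
SAMPLE_LOOKALIKE='{
    DisableAirDropLegacy = 1;
}'

for s in "$SAMPLE_DISABLED" "$SAMPLE_ENABLED" "$SAMPLE_LOOKALIKE" ""; do
    airdrop_state "$s"
done
```

On a Mac, call audit_airdrop and use its exit status; as the comment says, a change made with defaults write only takes effect after logging out and back in.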