Bug In iOS, OS X Allows AirDrop To Write Files Anywhere On File System

Trailrunner7 writes: There is a major vulnerability in a library in iOS and OS X that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog. Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices. If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device. In fact, an attacker can exploit the vulnerability even if the victim doesn't agree to accept the file sent over AirDrop.

Re:The enabling technology, itself, is ridiculous.

You know why Linux isn't the amazing success that Slashdotters think it should be? Because it's clear no one has ever interacted with real people, ever. Here, let me paint you a picture, I call it "literally the only time I've ever seen AirDrop used, ever."

You're at a convention. There are people cosplaying. Two cosplayers who don't know each other but are cosplaying characters from the same show meet and do a pose and someone else takes a picture. The picture looks cool and one of the cosplayers says "ooo, send me that picture." Rather than exchange contact information, the picture taker AirDrops the picture onto the cosplayer's phone.

And there you go, literally the only time I've ever seen anyone use AirDrop - to share a picture they just took with someone they didn't know and didn't want to share contact information with.

AirDrop is only useful when, for whatever reason, you want to share some document of some form with someone you don't know and don't feel like setting up a "proper" channel to. Otherwise there's no reason to use it over email.

Re:The enabling technology, itself, is ridiculous.

[93+Escort+Wagon]

Given this bug, how can you know that?

If you'd read the article, you'd have seen that the way to bypass the authorization prompt was by "nstalling an enterprise provisioning profile on the device and marking it as trusted."

Sounds to me like AirDrop is superfluous in this case. If my device has an enterprise provisioning profile, I believe that enterprise can already put whatever it wants on it.

So, if anything, this sounds like a sandboxing issue (you can put files in arbitrary locations on the device) rather than an AirDrop issue.