Slashdot Mirror


Bug In iOS, OS X Allows AirDrop To Write Files Anywhere On File System

Trailrunner7 writes: There is a major vulnerability in a library in iOS and OS X that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog. Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices. If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device. In fact, an attacker can exploit the vulnerability even if the victim doesn't agree to accept the file sent over AirDrop.


  1. The enabling technology, itself, is ridiculous. by Osiris+Ani · · Score: 5, Insightful

    Of course the bug is worrisome, but then, I consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw. Making one’s phone readily available to connections from random sources for the sole purpose of file drops doesn’t sound like something that should make the least bit of sense to even the average user.

    1. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 2, Insightful

      Except that's the only time it's useful.

      Anyone you actually know you can just email the file to and they can get at their leisure. The only time you'd ever use AirDrop is when sending or receiving stuff to or from people you don't have contact information for and who you don't want to share that info with.

    2. Re:The enabling technology, itself, is ridiculous. by Galaga88 · · Score: 4, Informative

      I think AirDrop defaults to contacts only, so that should mitigate most of the severity of this - thankfully.

      I've actually enabled AirDrop receiving requests from anybody on my iPhone (which I'm about to change) and have never gotten anything via it, unsolicited or otherwise. In fact, I'm the only person I've ever seen use AirDrop, and I had to tell the other person how to turn it on in each case.

    3. Re:The enabling technology, itself, is ridiculous. by Galaga88 · · Score: 1

      Maybe Apple should change the behavior of "accept from everybody." Make it so it only stays active for 15 minutes, and then goes back to contacts only. It'd be closer to Bluetooth discovery then.

    4. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 3, Insightful

      The only time you'd ever use AirDrop is when sending or receiving stuff to or from people you don't have contact information for and who you don't want to share that info with.

      So basically, “I don’t know you, or I don’t trust you enough to give you my contact information, but here-- put something onto my phone.”

      You’re lucky someone else beat you to it, because at least that makes your statement only the second-stupidest thing I’ve read today.

    5. Re:The enabling technology, itself, is ridiculous. by BitZtream · · Score: 4, Informative

      Considering that we're talking about signed apps that don't have the security warning, it also means the app can be traced to a specific individual or organization ... And that certificate can be blacklisted effectively stopping the attack vector on a global scale, instantly. While directly identifying who to prosecute and seize funds from. Apple gives out the signed certs, you don't just generate a very and poof it's no longer warning anyone, it has to be signed by Apple (the cert, not the app on OSX).

      So while this is a concern ... It requires that you disable MULTIPLE security features and do several stupid things to intentionally give everyone access to your devices.

      Hope they fix it quickly in case this can be exploited in other actually scary ways, but this scares me less than Trojans on a jail broken phone ... And my phone isn't jail broken!

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    6. Re:The enabling technology, itself, is ridiculous. by DougOtto · · Score: 4, Insightful

      Um no. If you put your device in "fuck me mode" because you're worried about your privacy, you're doing it wrong. I don't blame you for posting AC, I wouldn't want to admit that asshattery either.

      --
      Solving Unix problems since 1989...
    7. Re:The enabling technology, itself, is ridiculous. by StikyPad · · Score: 2

      I think AirDrop defaults to contacts only

      It prompts me each time I enable it from the swipe-up menu, at least on iOS 8.1.

    8. Re:The enabling technology, itself, is ridiculous. by Qzukk · · Score: 1

      I consider the setting that allows it

      Is it the setting that allows it? Or does it work in the other settings too, but limited to just your "friends"? Now I'm tempted to see what kind of joke app I can throw together and get on my coworker's phone before Apple fixes this (of course, if I get my dev cert revoked by Apple that'd be bad, so I won't... but the temptation is there)

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    9. Re:The enabling technology, itself, is ridiculous. by StikyPad · · Score: 1

      It wouldn't be difficult to steal a signing key.

      Ok, it might be difficult, but it's certainly not impossible or unheard of. They've been found in GitHub repos, for example.

      If a malware app was installed without an icon, it could spread prolifically before anybody detected it and the signature could be revoked. Depending on the purpose, it might not need to survive very long anyway.

      If anyone actually used AirDrop, that is. I don't know anybody who does, or has it enabled. Most people just send photos via text or email, and share apps via links, if at all. The only time I've personally used it was in a location with poor cell service and no WiFi. I just turned it on in my office, and it didn't find anyone nearby either. YMMV...

    10. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 2, Interesting

      You know why Linux isn't the amazing success that Slashdotters think it should be? Because it's clear no one has ever interacted with real people, ever. Here, let me paint you a picture, I call it "literally the only time I've ever seen AirDrop used, ever."

      You're at a convention. There are people cosplaying. Two cosplayers who don't know each other but are cosplaying characters from the same show meet and do a pose and someone else takes a picture. The picture looks cool and one of the cosplayers says "ooo, send me that picture." Rather than exchange contact information, the picture taker AirDrops the picture onto the cosplayer's phone.

      And there you go, literally the only time I've ever seen anyone use AirDrop - to share a picture they just took with someone they didn't know and didn't want to share contact information with.

      AirDrop is only useful when, for whatever reason, you want to share some document of some form with someone you don't know and don't feel like setting up a "proper" channel to. Otherwise there's no reason to use it over email.

    11. Re:The enabling technology, itself, is ridiculous. by myowntrueself · · Score: 2, Insightful

      Of course the bug is worrisome, but then, I consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw. Making one’s phone readily available to connections from random sources for the sole purpose of file drops doesn’t sound like something that should make the least bit of sense to even the average user.

      The thing is, the iOS device is supposed to have a secure filesystem so that applications can't even share data via the local filesystem. And you can't just plug an iPhone into a USB port and drop whatever files you want on it, as if it were a USB thumbdrive. So iDevice users have been lulled into this sense of security that they can open up some space on their phone/tablet/iwhatever and that can't be abused, because Apple is so amazingly good at security. Except they aren't so oops.

      --
      In the free world the media isn't government run; the government is media run.
    12. Re:The enabling technology, itself, is ridiculous. by Galaga88 · · Score: 4, Insightful

      Because I would have seen a prompt asking me to accept or decline a file. And I think it's safe to say that given the place I work and community in which I live, I have a better chance of having been killed in a traffic accident than somebody coming within AirDrop range and targeting me with an unpublished iOS vulnerability.

      Plus I just updated to iOS 9 which in all likelihood would have wiped out any nefarious stuff that had been installed by this mystery attacker-ninja.

    13. Re:The enabling technology, itself, is ridiculous. by gmack · · Score: 3, Funny

      Years of using slashdot would keep me from enabling such a function even without the security implications. I can imagine some troll sending tubgirl or goat.cx pics to anyone they can.

    14. Re:The enabling technology, itself, is ridiculous. by U2xhc2hkb3QgU3Vja3M · · Score: 1

      Pika! (as SFW as a cheerleader photo)

    15. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 1

      and this is why the rest of the world (Android, Windows Phone) is much better.

      You set up the connection by NFC, which requires you to put your phones in physical contact with one-another first -- then it sets up the network for file transfer.

      *Much* more private and secure. I remember when everyone was worried about NFC / Android Beam dropping files everywhere... for some reason (cough), this never was a security concern for the much more promiscuous I thingies.

    16. Re:The enabling technology, itself, is ridiculous. by 93+Escort+Wagon · · Score: 3, Interesting

      Given this bug, how can you know that?

      If you'd read the article, you'd have seen that the way to bypass the authorization prompt was by "installing an enterprise provisioning profile on the device and marking it as trusted."

      Sounds to me like AirDrop is superfluous in this case. If my device has an enterprise provisioning profile, I believe that enterprise can already put whatever it wants on it.

      So, if anything, this sounds like a sandboxing issue (you can put files in arbitrary locations on the device) rather than an AirDrop issue.

      --
      #DeleteChrome
    17. Re:The enabling technology, itself, is ridiculous. by macs4all · · Score: 2

      Of course the bug is worrisome, but then, I consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw. Making one’s phone readily available to connections from random sources for the sole purpose of file drops doesn’t sound like something that should make the least bit of sense to even the average user.

      Exactly.

      If this was a flaw in Android, all the Fandroids would be blaming the User. Bet they won't feel the same about Apple, though.

    18. Re:The enabling technology, itself, is ridiculous. by macs4all · · Score: 1

      Maybe Apple should change the behavior of "accept from everybody." Make it so it only stays active for 15 minutes, and then goes back to contacts only. It'd be closer to Bluetooth discovery then.

      I agree that that would be a quick and dirty solution; but probably effective.

    19. Re:The enabling technology, itself, is ridiculous. by flink · · Score: 1

      AirDrop is only useful when, for whatever reason, you want to share some document of some form with someone you don't know and don't feel like setting up a "proper" channel to. Otherwise there's no reason to use it over email.

      It's also useful when you want to share a largish video without down sampling it or going through the rigmarole of syncing the phone and copying the file between PCs. This is literally the only time I've used it: to exchange a video of our daughter with my wife.

    20. Re:The enabling technology, itself, is ridiculous. by macs4all · · Score: 1

      because Apple is so amazingly good at security. Except they aren't so oops.

      Mighty haughty words, considering Android's "security" record.

    21. Re:The enabling technology, itself, is ridiculous. by Zaiff+Urgulbunger · · Score: 1

      You're forgetting that people are stupid.

  2. Not bug, a jailbreaker (root ones phone) by Trax3001BBS · · Score: 1

    Use it or lose it.

    1. Re:Not bug, a jailbreaker (root ones phone) by Trax3001BBS · · Score: 1

      Use it or lose it.

      I should mention I don't have an Apple phone, but would be trying to root it.

    2. Re:Not bug, a jailbreaker (root ones phone) by Overzeetop · · Score: 2

      Which means that if it were a gun, every American would be allowed to jailbreak/root their phone by birthright and protected by the constitution.

      Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

      --
      Is it just my observation, or are there way too many stupid people in the world?
    3. Re:Not bug, a jailbreaker (root ones phone) by macs4all · · Score: 1

      Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

      Apple certainly doesn't notify law enforcement if it discovers your phone/tablet has been jailbroken; and many, many Android-Device OEMs take measures in an attempt to thwart casual "rooting" of their Devices, too.

      So, I'm not exactly sure why you are hating on Apple; because it seems like they are in line with the rest of the industry.

      Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but that is about it, I would guess. And I wouldn't be at all surprised if they don't explicitly endorse "Rooting", either.

    4. Re:Not bug, a jailbreaker (root ones phone) by Trax3001BBS · · Score: 1

      Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

      Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but that is about it, I would guess. And I wouldn't be at all surprised if they don't explicitly endorse "Rooting", either.

      That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

      No cite I've looked before and can't find it now. Had a Xoom tablet (Motorola, Google) and came across that fact in my searches. It would have been a Moto though.

    5. Re:Not bug, a jailbreaker (root ones phone) by Trax3001BBS · · Score: 1

      That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

      The only requirement was that Google Apps be included wiki.rootzwiki.com/Google_Apps

    6. Re:Not bug, a jailbreaker (root ones phone) by macs4all · · Score: 1

      Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

      Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but that is about it, I would guess. And I wouldn't be at all surprised if they don't explicitly endorse "Rooting", either.

      That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

      No cite I've looked before and can't find it now. Had a Xoom tablet (Motorola, Google) and came across that fact in my searches. It would have been a Moto though.

      So, in other words, every single mobile OEM now has EXACTLY the same policy regarding rooting. So I NEVER want to see Apple singled-out on this topic, EVER AGAIN.

      The unfounded Apple hate around here is absolutely asinine.

    7. Re:Not bug, a jailbreaker (root ones phone) by Trax3001BBS · · Score: 1

      Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

      Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but that is about it, I would guess. And I wouldn't be at all surprised if they don't explicitly endorse "Rooting", either.

      That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

      No cite I've looked before and can't find it now. Had a Xoom tablet (Motorola, Google) and came across that fact in my searches. It would have been a Moto though.

      So, in other words, every single mobile OEM now has EXACTLY the same policy regarding rooting. So I NEVER want to see Apple singled-out on this topic, EVER AGAIN.

      The unfounded Apple hate around here is absolutely asinine.

      The question was name any.

    8. Re:Not bug, a jailbreaker (root ones phone) by macs4all · · Score: 1

      The question was name any.

      And by their own words, they could not. What is past, is past. But the truth is, at the present, there is not a single mobile OEM that embraces nor encourages rooting a mobile device of their manufacture. And you know why? Because it almost universally results in a gaping security hole. Regardless of brand or platform.

      People just need to get it through their addled brains that, although smartphones are in some ways (a lot of ways) "little computers", the use case and the amount of personal information that walks around casually in people's pockets on their smartphones, data that is but one wrong download from being beamed to who-knows-where, makes the whole idea of circumventing ANY of the security measures on such devices utterly foolhardy.

      And apparently, every single mobile device OEM agrees.

      Face it. Sometimes manufacturers are not simply trying to work with the Gummint. Sometimes even Evil Corp isn't trying to fuck us all...

  3. Re:Apple defending shit by U2xhc2hkb3QgU3Vja3M · · Score: 5, Funny

    That's because Windows has complex security holes that require a lot of hacking. With this flaw, Apple clearly shows that hacking "just works" on their devices.

  4. Re:Yes... by BitZtream · · Score: 1

    ... The NSA want to steal your data, not fill your drive up with software signed by Apple that can be traced directly back to a well documented person that apple has communicated with financially on more than one occasion.

    You don't even know what this does, so just STFU

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  5. Users are now known as "her"? by Psychotria · · Score: 1

    If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device.

    What the fuck is wrong with using the word "their"?

    Although...

    Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices.

    Perhaps Mark Dowd is female. If so then... Hmm. Then... I dunno.

    Either way, there are a whole group of words that are not gender specific. Use them(!), and stop with this retarded "her" crap.

    Thanks.

    1. Re:Users are now known as "her"? by Anonymous Coward · · Score: 2

      Maybe because "their" is a plural and "a user" is a singular noun?

      Unlike some languages, English does not have a gender neutral singular possessive determiner applicable to humans. "Its" is still considered rude to use when referring to homo sapiens.

    2. Re:Users are now known as "her"? by Anonymous Coward · · Score: 1

      "Their" is plural. English has no neuter - using "their" as neuter is incorrect. Using "her" is trying to be politically correct. Using "his" would have been grammatically correct.

    3. Re:Users are now known as "her"? by Psychotria · · Score: 1

      Since when is the word "their" plural?

      his, her, its — used with an indefinite third person singular antecedent

      (used after an indefinite singular antecedent in place of the definite masculine form his or the definite feminine form her)

      used to refer to one person in order to avoid saying "his or her": One of the students has left their book behind.

    4. Re:Users are now known as "her"? by Psychotria · · Score: 1

      Oh, by the way, it's not a noun.

    5. Re:Users are now known as "her"? by Psychotria · · Score: 1

      Maybe this explains it better than I can: http://dictionary.cambridge.or...

    6. Re:Users are now known as "her"? by laie_techie · · Score: 1

      Let's look at this another way.

      Given the statement "That rock is owned by Roger", we can determine that the singular rock is owned by a singular person (Roger). Thus, if someone asked "Is that Roger's rock?" then the response "Yes it is theirs" is grammatically correct (and always has been).

      Historically, their and theirs means third person plural owners. In this politically correct age, these words are used when the gender and / or sex of the owner is not known. Since Roger is (most likely) male, the most correct answer would be Yes, it is his.

      Similarly, given the statement "That rock is owned by the three women sitting on top of it", we can determine that the rock is owned by three women. Therefore, if someone asks the question "Who owns that rock?" we can say "It is theirs."

      Third person plural owners has always been their or theirs; this has not changed due to political correctness.

      Why am I adding an s to "their"? Because that's the plural of their. "Their" vs. "Theirs".

      WRONG! You use theirs when you don't want to repeat the object. It is their rock (the rock belongs to them) vs It is theirs (It belongs to them). It's the same difference as my vs mine and your vs yours and our vs ours.

      Or, are you suggesting that there is a yet undefined part of the English language that magically adds a third type of plural. If that's the case then I guess the word "geeses" is ok.

    7. Re:Users are now known as "her"? by BronsCon · · Score: 1

      Even if we assume you are correct, an unknown person may be either male or female. Let's call them a quantum person, as they've yet to be observed; they're simultaneously male and female. In this instance, neither "he" nor "she" ("his", "hers", "him", "her", etc, you get the point) are appropriate. However, given the dual nature of the unknown individual, "they" (or "their") is correct.

      I'm just gonna let the fact that "'they' is correct" is also grammatically correct burn into your brain for a bit. Have a nice day.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    8. Re:Users are now known as "her"? by 93+Escort+Wagon · · Score: 1

      Even if we assume you are correct, an unknown person may be either male or female. Let's call them a quantum person, as they've yet to be observed; they're simultaneously male and female. In this instance, neither "he" nor "she" ("his", "hers", "him", "her", etc, you get the point) are appropriate. However, given the dual nature of the unknown individual, "they" (or "their") is correct.

      There are a lot of words being spent here for the purpose of ignoring the standard rule in English where using a male pronoun is the correct way to refer to a person of unknown or undetermined gender.

      --
      #DeleteChrome
    9. Re:Users are now known as "her"? by BronsCon · · Score: 1

      Point me to a reference for that "standard" rule? Authoritative sources only, please.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    10. Re:Users are now known as "her"? by macs4all · · Score: 1

      Maybe because "their" is a plural and "a user" is a singular noun?

      Unlike some languages, English does not have a gender neutral singular possessive determiner applicable to humans. "Its" is still considered rude to use when referring to homo sapiens.

      Maybe because "their" is a plural and "a user" is a singular noun?

      Unlike some languages, English does not have a gender neutral singular possessive determiner applicable to humans. "Its" is still considered rude to use when referring to homo sapiens.

      I have to disagree with the grammar experts on this one. "Their", while not technically a singular possessive, is most assuredly less cumbersome than using "she or he" repeatedly (OMG, yuck!!!) or even worse, the non-word "S/he" or "Hir" (retch!!!).

      So, kind of like the word "sheep" or "deer", which can mean either singular or plural depending on context, or "Aloha" (yes, another language, but...) which can mean "Hello" or "Goodbye", again depending on context; I firmly believe that "their" SHOULD be acceptable as a gender-neutral possessive, with the "pluralness" derived from context (which is almost always easily done).

      That's exactly how language evolves. So, we either need to "grow" a reasonable gender-neutral singular possessive, or lighten up a bit regarding "their".

    11. Re:Users are now known as "her"? by macs4all · · Score: 1

      Since when is the word "their" plural?

      When the antecedent refers to a group, e.g. "The crowd showed their approval by setting themselves on fire."

      Yes, you can use "its" there, too; but English has many de facto synonyms and has a quite flexible syntax. That's why it is a wonderful language for poetry and lyrics.

      As a contrast, try and do a pun in German. I don't think it can be done; because it is "one word, one definition". Great for scientific texts; horrible for plays-on-words.

    12. Re:Users are now known as "her"? by BronsCon · · Score: 1

      Whenever I encounter someone who gets truly offended at the use of a gender-specific term, I start using a word I coined for just that scenario around them: hesheit. I usually get to say it once or twice before being asked what it is that I'm saying; shortly thereafter, "he" and "she" suddenly become acceptable again. Once, I had someone inquire as to why "he" came first in my coined term, insinuating that it was still sexist, so I pronounced the four possible permutations of the term not starting with "he" (sheheit, sheithe, itheshe, itshehe) and she replied with the remaining permutation (heitshe) before agreeing that I had, indeed, chosen correctly before requesting that I resume my use of "he" and "she".

      It's amazing how quickly people stop being offended by stupid shit as soon as you show them that the obvious alternatives are all much more offensive. And yes, "hesheit" is offensive; it's offensive to the tongue of the person saying it (though much less so than the other permutations), offensive to the person hearing it and, with a bit of imagination, can even be heard as other, more offensive, phrases. Once that's been considered, referring to an unidentified (to you) individual who the person you're speaking to happens to know is a woman as "he" becomes acceptable.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  6. Re:Suprised they got it working by NMBob · · Score: 1

    Yeah, I was surprised by this article. I can hardly ever get it to write files anywhere -- even where it's supposed to.

  7. To disable AirDrop by MAXOMENOS · · Score: 4, Informative

    To check whether it's disabled already, open a command prompt and run:

    defaults read com.apple.NetworkBrowser | grep DisableAirDrop

    If it returns DisableAirDrop = 1, then you should be fine. If it comes up blank, or if it shows DisableAirDrop = 0, then AirDrop is not disabled by default. In this case, run:

    defaults write com.apple.NetworkBrowser DisableAirDrop -bool YES

    You'll need to log out and log back in for the change to take effect.

    references: this Apple Forums thread

    1. Re:To disable AirDrop by Anonymous Coward · · Score: 1

      So, do you need to be jailbroken to do this, and is it okay to use this exploit to jailbreak prior to closing the loophole?

    2. Re:To disable AirDrop by MAXOMENOS · · Score: 2

      Good point; I presume you're running OSX. If you're running iOS this won't work.
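
The check-then-set procedure from the "To disable AirDrop" comment above, written as an idempotent script for OS X. This is an added example, not part of the original thread; the function names and the DEFAULTS_CMD override (which lets the logic be exercised with a stub) are assumptions, while the domain, key and write command are the ones quoted in the comment.

```shell
#!/bin/sh
# Added example: audit and set the DisableAirDrop preference on OS X.
# Domain, key and the write command come from the comment above; the
# function names and the DEFAULTS_CMD override are assumptions made here.

DOMAIN="com.apple.NetworkBrowser"
KEY="DisableAirDrop"
# DEFAULTS_CMD lets the logic be exercised with a stub when not on a Mac.
: "${DEFAULTS_CMD:=defaults}"

# Map the raw value printed by `defaults read DOMAIN KEY` to a state.
# An empty value means the key (or the whole domain) is absent.
classify_airdrop_value() {
    case "$1" in
        1|YES|yes|true|TRUE)  echo "disabled" ;;
        0|NO|no|false|FALSE)  echo "enabled" ;;
        "")                   echo "unset" ;;
        *)                    echo "unknown" ;;
    esac
}

# Print disabled / enabled / unset / unknown for the current user.
airdrop_state() {
    # `defaults read` exits non-zero when the key does not exist;
    # treat that as "unset" instead of aborting the script.
    value=$("$DEFAULTS_CMD" read "$DOMAIN" "$KEY" 2>/dev/null) || value=""
    classify_airdrop_value "$value"
}

# Write the preference only when needed, then re-read to confirm it stuck.
ensure_airdrop_disabled() {
    if [ "$(airdrop_state)" = "disabled" ]; then
        echo "already-disabled"
        return 0
    fi
    "$DEFAULTS_CMD" write "$DOMAIN" "$KEY" -bool YES || return 1
    if [ "$(airdrop_state)" = "disabled" ]; then
        echo "changed"
        return 0
    fi
    echo "failed"
    return 1
}

# Nothing runs unless a mode is requested on the command line.
case "${1:-}" in
    --check) airdrop_state ;;
    --apply) ensure_airdrop_disabled ;;
esac
```

Run it with `--check` to report the current state or `--apply` to set the preference; as the comment says, log out and back in for a change to take effect.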

  8. Serious implications by Anonymous Coward · · Score: 1

    It does not matter if you have switched off airdrop or restricted its access to known contacts.
    At a border crossing an officer can take your locked device and push some nasty payload to it.
    Even a confirmation would be useless as it would be another guy pressing okay.

  9. How much of this is... by unixisc · · Score: 1

    ...a kernel issue, rather than an issue w/ iOS or OS-X? Wouldn't they have to look at XNU and debug that?

  10. Re:Not exactly new. by jedidiah · · Score: 1

    That sounds like a really weak attempt to come to the rescue of your favorite corporate brand.

    If it's a fundamental design bug, then it's still a bug.

    --
    A Pirate and a Puritan look the same on a balance sheet.
  11. Stupidity is a Vulnerability Now? by sudon't · · Score: 1

    "If a user has AirDrop set to allow connections from anyone..."

    Ok, so you have a setup where people can push files at you, and if you allow anybody to do it, someone might drop a malicious file in your system? What about the fact that Apple allows you to leave your laptop unattended and unlocked, say, on the subway? A malicious person could take over your whole computer! That's a serious vulnerability, and proves that Macs are no safer than Windows machines.

    --
    -- sudon't

    Air-ride Equipped

  12. Re:Apple defending shit by macs4all · · Score: 1

    who even knows AirDrop is a thing in OS X?

    NOW who's engaging in Selection Bias?

    IIRC, AirDrop was available for OS X BEFORE it came out for iOS.

    Yep. AirDrop was available on OS X 10.7 (Lion), released on July 10, 2011, but not available on iOS until iOS 7, some two years later.

    Way to keep up with technology, 'tard!

  13. Re:Yes... by macs4all · · Score: 1

    It's a bug, not yet another NSA/GCHQ backdoor that offers Apple "deniability" of their collusion with intelligence agencies.

    Citation, please!

  14. Re:Don't use Airdrop so no worries by macs4all · · Score: 1

    Obviously the numbers of IOS devices makes them a better target now

    Wait! I thought that Android was the big gorilla, and iOS was at 14% and shrinking fast.

    So which is it?

    You are just saying anything to make yourself sound intelligent. Which you obviously are not; since you can't even use an APOSTROPHE correctly. It's POSSESSIVE, not PLURALIZATION, FUCKTARD!

    Oh, and you might consider using a COMMA once in awhile, too.

  15. Re: Yes... by macs4all · · Score: 1

    Goto fail.

    No reasonable explanation. Patching error? Fuck off.

    Spoken by someone who has never written a line of code, nor screwed up a cut and paste operation.

  16. Re:Don't use Airdrop so no worries by 0123456 · · Score: 1

    Why not patch the current version? Especially for devices that are not covered by iOS9.

    Is there a single device which is supported on 8.4 that isn't supported on 9?

    Correct me if I'm wrong, but, unlike Android's obsoleting devices every revision or two, I don't believe any device was obsoleted by IOS 9.

  17. Re: Yes... by macs4all · · Score: 1

    You're a fucking NSA/Apple shill. Did you look into it at all?

    LOL!!! You have NO idea how far both of those allegations are from the truth!

    Yes I have looked into it.

    The Internet is like the Bible: There are so many conflicting opinions, that you can prove ANY position. One site thinks that it is clear indication of purposeful sabotage; the next thinks that it is a cut and paste error; and the third site isn't sure, but says it's Apple, so it HAS to be evil.

    My honest opinion, if I had to guess, and as a person who has coded professionally for about four decades, was that someone intended to remove an "IF..." Statement (now deleted) on the line just above the second "goto fail" line, and simply failed to remove the "goto fail". I've actually made that mistake myself, more than once. Not often, but it does happen. Combine that with a little "testing bias", and there is absolutely a very real chance that this was an honest coding mistake.