Slashdot Mirror


Bug In iOS, OS X Allows AirDrop To Write Files Anywhere On File System

Trailrunner7 writes: There is a major vulnerability in a library in iOS and OS X that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog. Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices. If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device. In fact, an attacker can exploit the vulnerability even if the victim doesn't agree to accept the file sent over AirDrop.

2 of 94 comments

  1. The enabling technology, itself, is ridiculous. by Osiris+Ani · Score: 5, Insightful

    Of course the bug is worrisome, but then, I consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw. Making one’s phone readily available to connections from random sources for the sole purpose of file drops doesn’t sound like something that should make the least bit of sense to even the average user.

  2. Re:Apple defending shit by U2xhc2hkb3QgU3Vja3M · Score: 5, Funny

    That's because Windows has complex security holes that require a lot of hacking. With this flaw, Apple clearly shows that hacking "just works" on their devices.