AirDrop vulnerability: malicious applications can be silently installed on millions of Apple devices

ID MYHACK58:62201567097
Type myhack58
Reporter Anonymous
Modified 2015-09-18T00:00:00


A vulnerability exists in the AirDrop file transfer feature that allows a malicious application to be silently installed on millions of Apple devices and to replace legitimate apps. AirDrop is a technology developed by Apple for transferring files directly between devices. Security researcher Mark Dowd discovered a serious vulnerability in iOS and OS X: an attacker could exploit it to overwrite any file on the target device, and could push a malicious app onto the device and install it even if the user does not choose to receive the file.

Vulnerability details analysis

Dowd, founder and director of the Sydney-based company Azimuth Security, combined the vulnerability with other techniques to bypass the code signing protection mechanism on iOS. He used his Apple enterprise certificate to create an authorization file for a test app so that the app can run on any device. Under normal circumstances, when an app is first installed on a new device, the device pops up a dialog box asking whether to trust the app. However, the enterprise authorization file Dowd created prevents the dialog box from appearing and marks the app as trusted.

Dowd wrote in an email: “When you send a package through AirDrop, a prompt pops up on the phone asking the user whether to accept the package. The user must unlock the phone to accept or cancel it, but this does not matter, because the vulnerability has already been triggered by the time the prompt is sent to the user.”

The attacker may also exploit this vulnerability to perform a directory traversal attack, writing files anywhere on the file system. The vulnerable library is installed by default on iOS and OS X. Dowd has reported the vulnerability to Apple, and Apple has released a fix, but even the latest operating system, iOS 9, does not completely fix the problem, and it is not yet known when Apple will fully fix the vulnerability.
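The report names two receiver-side failures: the payload is processed before the user answers the prompt, and sender-supplied paths can escape the destination directory. The following is an added example, not code from the article, from Dowd's research or from Apple's library (whose internals the article does not describe); it shows a generic receiver that defers all disk writes until acceptance and confines every path to an inbox directory. The names `IncomingTransfer`, `resolve_inside`, `UnsafePath` and the inbox layout are hypothetical.

```python
import os


class UnsafePath(Exception):
    """Raised when a sender-supplied name would land outside the inbox."""


def resolve_inside(base_dir, sender_name):
    """Return the real destination path for sender_name, or raise UnsafePath."""
    base = os.path.realpath(base_dir)
    if os.path.isabs(sender_name) or "\x00" in sender_name:
        raise UnsafePath(sender_name)
    # realpath collapses ".." and follows symlinks that already exist, so a
    # link planted inside the inbox cannot redirect the write elsewhere.
    dest = os.path.realpath(os.path.join(base, sender_name))
    if dest == base or os.path.commonpath([base, dest]) != base:
        raise UnsafePath(sender_name)
    return dest


class IncomingTransfer:
    """Hypothetical receiver: the payload stays in memory until accept()."""

    def __init__(self, inbox, entries):
        self.inbox = inbox
        self.entries = entries  # list of (sender-supplied name, bytes)

    def accept(self):
        """Called only after the user confirms the prompt."""
        # Validate every name before the first write, so one bad entry
        # rejects the whole transfer and leaves no partial files behind.
        plan = [(resolve_inside(self.inbox, name), data)
                for name, data in self.entries]
        written = []
        for dest, data in plan:
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with open(dest, "wb") as fh:
                fh.write(data)
            written.append(dest)
        return written
```

The check is point-in-time: a receiver that shares the inbox with untrusted local processes also needs to open destinations without following symlinks.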