AirDrop/AirPlay Vulnerability found - severe

C

CT_Biker

Expert Member
Joined
Sep 10, 2016
Messages
2,928
Reaction score
1,825
Location
Cape Town
Please see the article below as written by the research group who found these vulnerabilities. The vulnerability is pretty severe.

If it is not off already please turn off AirDrop/AirPlay receiver

www.oligo.security

Airborne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk | Oligo Security

Oligo Security reveals AirBorne, a new set of vulnerabilities in Apple’s AirPlay protocol and SDK. Learn how zero-click RCEs, ACL bypasses, and wormable exploits could endanger Apple and IoT devices worldwide — and how to protect yourself.
www.oligo.security www.oligo.security
 
Bit of a drama about nothing really.

Unless your local network is entirely unsecured wirelessly or people can physically plug into it without your knowing (you have far bigger problems then) this is really a non-event.

It also has NOTHING to do with Airdrop.

It’s also been patched, so instead of panicking and turning things off that aren’t even a concern to start with…just update your ****.
 
Lest we forget the common user is not that security minded.

I am quite curious if one can use an exploit like this to break out of Apples application sandboxing
 
CT_Biker said:
Lest we forget the common user is not that security minded.

I am quite curious if one can use an exploit like this to break out of Apples application sandboxing
Click to expand...

Doubt it.

Even with fully open developer access you can’t do that, baked right into the OS design.
 
SauRoNZA said:
Doubt it.

Even with fully open developer access you can’t do that, baked right into the OS design.
Click to expand...

I am confident enough to agree, however I have become particularly cautious when it comes to tech these days.
 
It is quite a serious vulnerability (a few of them) and interesting use of chaining CVE's to upgrade medium risks to critical ones.

It is however patched as long as your Apple devices are all updating which they should be.

Interesting research from Oligo. I remember the year before last at a conference in Vegas and someone kept sending airplay requests out all the time lol. Was so irritating finally turned it off.
 
neoprema said:
It is quite a serious vulnerability (a few of them) and interesting use of chaining CVE's to upgrade medium risks to critical ones.

It is however patched as long as your Apple devices are all updating which they should be.

Interesting research from Oligo. I remember the year before last at a conference in Vegas and someone kept sending airplay requests out all the time lol. Was so irritating finally turned it off.
Click to expand...
This is going to sound weird, but in my past life when frequenting gay clubs often times what would often happen is that other patrons would often send images via airplay; sometimes harmless sometimes a bit more personal based what their intentions are. This never happened to me personally, but it would often to friends who are more open to that type of shyte.
 
CT_Biker said:
This is going to sound weird, but in my past life when frequenting gay clubs often times what would often happen is that other patrons would often send images via airplay; sometimes harmless sometimes a bit more personal based what their intentions are. This never happened to me personally, but it would often to friends who are more open to that type of shyte.
Click to expand...
Yeah i think a lot of people also default to allowing all for Airdrop because its more convenient. not realizing that it means you can receive from anyone. airplay is the same. Bluetooth file sharing also on other phone brands - if you didn't tell some of the older phones not to receive BT files they would preview them anyway then ask what you want to do with it.

I think these days its taken more of an invasion of privacy too, hence the default is to not accept unless you change it.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X