AirDrop exploit can be used to push malicious apps to iOS and OS X ~ HindSight Technologies™

9.16.2015

AirDrop exploit can be used to push malicious apps to iOS and OS X

19:00 AirDrop, Apple, iOS 9, OS X, Security No comments

A vulnerability has been discovered in iOS and OS X that could be used to install apps without permission, using AirDrop. The feature exists to provide a way for people to quickly send files from one device to another, but security researcher Mark Dowd has been able to exploit the vulnerability to push apps to iOS even if the user does not accept the file that is AirDropped.

Dowd has reported the vulnerability to Apple, but the company has failed to patch the problem so it still exists in iOS 9. Using a combination of techniques, it is possible to bypass the security screen that asks if an app is to be trusted or not, meaning that a malicious app can be installed without permission or notification.

Dowd was able to use his own Apple enterprise certificate to create a test app that could be run on any device. By using an enterprise profile, it was possible to bypass code-signing protections and install the app without any prompts being displayed. As well as installing apps without permission, the same technique can be used to overwrite files in both iOS and OS X.

Speaking with Threat Post, Dowd said:

When you send a package via AirDrop, it comes up with a notification on the target phone asking the user if they want to accept the package. The user has to unlock the phone to accept or decline it. It does NOT matter whether they accept it or not to trigger this bug -- the exploit has already happened by the time the notification is sent to the user.