Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Threat Management, Threat Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Major flaw in Apple OS enables attackers to write files to any location

A major bug has been detected in Apple's iOS through which attackers can overwrite files and insert a signed app on a target device, which will then be fooled into trusting with no prompt to the actual user, according to ThreatPost.

Mark Dowd, founder and director of Azimuth Security, discovered the flaw and said he was able to exploit it over AirDrop, Apple's sharing system that allows users to transfer documents to other Apple devices. An attacker can gain entry to the OS library on a targeted device should a user have a preference set to allow connections from anyone, Dowd said. This could occur on a locked device, even without the user's knowledge.

Dowd reported the vulnerability to Apple and the company will include a mitigation for it in iOS 9, due out Wednesday. However, ThreatPost reported it is not a full patch.

Related

Security concerns curb open source utilization

Open source software utilization has been scaled back by nearly 40% of industry professionals due to security concerns, with more than 50% reducing open source usage following the emergence of the widespread Log4j vulnerability, The Register reports.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.