MALWAIRDROP: COMPROMISING IDEVICES VIA AIRDROP presented at Ruxcon 2015

by Mark Dowd,

Summary : iOS versions prior to iOS 9 contained a nasty bug that was exploitable via AirDrop. The flaw allows users to write arbitrary files to the filesystem as the 'mobile' user. Due to various protectionsin place on un-jailbroken iOS installations, turning this flaw in to some form of code execution is not entirely straight forward. This talk will discuss the uncovered flaw, and explain the system mechanisms that may be abused to leverage this flaw in to gaining code execution.