Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Partial Security Fix with iOS 9 Release
September 17, 2015
Something is better than nothing. According to Threatpost, there is a major vulnerability in a library in iOS that allows an attacker to overwrite files on a target device and install a signed app without the user’s knowledge. Mark Dowd, a security researcher, discovered the flaw and is able to exploit the flaw using AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices. The release of iOS 9 includes a mitigation, but not a full patch, for the vulnerability. According to Dowd, while the user will see a notification when they receive a malicious package via AirDrop, it doesn’t matter whether they accept or deny the AirDrop request. That doesn’t sound like a fix to me.
E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com