Apple forgot to sanitize the Phone Number field for lost AirTags
The hits keep coming to Apple’s bug-bounty program, which security researchers say is slow and inconsistent to respond to its vulnerability reports.
This time, the vuln du jour is due to failure to sanitize a user-input field—specifically, the phone number field AirTag owners use to identify their lost devices.
The Good Samaritan attack
Security consultant and penetration tester Bobby Rauch discovered that Apple’s AirTags—tiny devices which can be affixed to frequently lost items like laptops, phones, or car keys—don’t sanitize user input. This oversight opens the door for AirTags to be used in a drop attack. Instead of seeding a target’s parking lot with USB drives loaded with malware, an attacker can drop a maliciously prepared AirTag.
Read 10 remaining paragraphs | Comments