1. Forum
  2. USENET
  3. comp.sys.mac.system

  • Why doesn't Apple fix known AirDrop security flaws

    From cris@cris@removespam.me.com to comp.sys.mac.system on Friday, April 23, 2021 21:19:42
    From Newsgroup: comp.sys.mac.system

    https://mashable.com/article/apple-airdrop-security-flaw/

    We reached out to Apple to confirm the findings and to ask if indeed it was alerted to the vulnerability in 2019. We received no immediate response.

    Notably, this is not the first questionable privacy situation tied to
    AirDrop. In 2019, researchers discovered that they were able to determine users' phone numbers based on the partial hashes AirDrop sends out.

    It's not clear if that concern was ever addressed by Apple, especially as
    the vulnerability disclosed this week appears similar in nature.
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Lewis@g.kreme@kreme.dont-email.me to comp.sys.mac.system on Saturday, April 24, 2021 08:17:16
    From Newsgroup: comp.sys.mac.system

    In message <s5vmee$m05$1@neodome.net> cris <cris@removespam.me.com> wrote:
    https://mashable.com/article/apple-airdrop-security-flaw/

    We reached out to Apple to confirm the findings and to ask if indeed it was


    Once gain, you post links without information on what the link actually
    is.

    It appears athat this "flaw" effects people who accept a AirDrop from an unknown person. There are several false click-bait statements in the article, including that airdrop is used to harrass people by sending them
    questionable and unwanted pictures.

    This is bullshit, since you have to ACCEPT AirDrop requests, and click
    to open them.

    In short, this flaw is largely meaningless and the upshot is "don't
    accept AirDrop request from people you don't know" which is something
    even a very stupid person should already know.

    --
    "Why, you stuck-up, half-witted, scruffy-looking... NERFHERDER!"
    "Who's Scruffy looking?"
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From cris@cris@removespam.me.com to comp.sys.mac.system on Saturday, April 24, 2021 10:56:13
    From Newsgroup: comp.sys.mac.system

    On 24/04/2021 08:17, Lewis wrote:

    Once gain, you post links without information on what the link actually
    is.

    The main news is in the title which is a question as to why Apple doesn't
    fix it even though it has existed for years and is all over the recent news.

    It's certainly a privacy leak.
    https://9to5mac.com/2021/04/23/airdrop-flaw/

    Why wouldn't Apple fix a zero-click privacy leak by default?

    It appears athat this "flaw" effects people who accept a AirDrop from an unknown person. There are several false click-bait statements in the article, including that airdrop is used to harrass people by sending them
    questionable and unwanted pictures.

    This is a zero-click flaw when you use the default AirDrop settings. https://www.macrumors.com/2021/04/23/airdrop-researchers-security-flaw/

    The question is why doesn't Apple care to fix a zero click privacy leak?

    This is bullshit, since you have to ACCEPT AirDrop requests, and click
    to open them.

    This is a zero click privacy leak when the device is set to the defaults. That's not in question.

    What's in question is why doesn't Apple fix this zero click privacy leak? https://thecyberwire.com/newsletters/privacy-briefing/3/78

    In short, this flaw is largely meaningless and the upshot is "don't
    accept AirDrop request from people you don't know" which is something
    even a very stupid person should already know.

    Nobody but you and Apple are apparently thinking it's meaningless. https://www.tomsguide.com/news/apple-airdrop-flaw-exposes-15-billion-devices-what-to-do

    Given it's a zero click privacy leak by default why doesn't Apple fix it?
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Lewis@g.kreme@kreme.dont-email.me to comp.sys.mac.system on Saturday, April 24, 2021 17:48:30
    From Newsgroup: comp.sys.mac.system

    In message <s6169d$d26$1@neodome.net> cris <cris@removespam.me.com> wrote:
    On 24/04/2021 08:17, Lewis wrote:

    Once gain, you post links without information on what the link actually
    is.

    The main news is in the title which is a question as to why Apple doesn't
    fix it even though it has existed for years and is all over the recent news.

    It's certainly a privacy leak.
    https://9to5mac.com/2021/04/23/airdrop-flaw/

    Why wouldn't Apple fix a zero-click privacy leak by default?

    Because for 99.999% of iPhone users it is a non-issue. How often do you
    open up AirDrop to scan for nearby people? Have you ever done it? I have
    done it twice, both times were when I was somewhere without cellular
    service and wanted to exchange photos with people in our group (once on
    a cruise ship, once on a zodiak boat off the shore of Alaska).

    This is a zero-click flaw when you use the default AirDrop settings.

    It is not a zero click flaw, since you have to open the AirDrop sharing
    screen and scan for nearby devices.

    "All they require is a Wi-Fi-capable device and physical proximity to a
    target that initiates the discovery process by opening the sharing pane
    on an iOS or macOS device."

    NB: "to a target that initiates the discovery process"

    The question is why doesn't Apple care to fix a zero click privacy leak?

    Because it is not a zero-click privacy leak and it is a very narrow
    ege-case that will affect nearly no one.

    This is bullshit, since you have to ACCEPT AirDrop requests, and click
    to open them.

    This is a zero click privacy leak when the device is set to the defaults. That's not in question.

    Ah, there is the shitbag troll. You snipped what I said so you could
    reply with something entirely irrelevant. What I said, that you snipped,
    you shithead troll cunt, is that the article you first posted contained bullshit and lies, caliming that AirDrop was used to harrass people.
    This si a lie, since you have to ACCEPT AirDrop files and links.

    So you can fuck off now and crawl back into your shithole, Arleen
    Sockpuppet.


    --
    "Are you pondering what I'm pondering?"
    "I think so, Brain, but isn't a cucumber that small called a
    gherkin?"
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From cris@cris@removespam.me.com to comp.sys.mac.system on Saturday, April 24, 2021 23:36:01
    From Newsgroup: comp.sys.mac.system

    On 24/04/2021 17:48, Lewis wrote:

    "All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane
    on an iOS or macOS device."

    Satisfied with what I quoted yet?

    Now you can get to the question which was asked of why doesn't Apple fix it? --- Synchronet 3.18b-Win32 NewsLink 1.113