• malloc@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    AirDrop has a new NameDrop feature for quickly sharing contact information with a person nearby, and the Phone app has customizable Contact Posters that let you choose what people see when you call them

    I wonder if this is a possible vector for a “1 tap” or “0 click” attack. NSO and other black hat security firms can’t wait 😂

    Attacker:

    • setup malicious “contact poster”
    • call victim
    • victim gets malicious contact poster which is able to bypass security and achieve RCE
    • victim doesn’t even need to answer
    • cheery_coffee@lemmy.ca
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      They could already text the malicious picture, I’m guessing the phone app requires fewer privileges than the messages app.