iOS Trustjacking – A Dangerous New iOS Vulnerability


信任劫持(TrustJacking) 通过 iTunes Wi-Fi sync 特性获取iOS设备控制权 ,symantec 在 RSA 大会上公布此研究

This vulnerability exploits an iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer. A single tap by the iOS device owner when the two are connected to the same network allows an attacker to gain permanent control over the device. In addition, we will walk through past related vulnerabilities and show the changes that Apple has made in order to mitigate them, and why these are not enough to prevent similar attacks.