by coder543
1885 days ago
The implausible part is not having lunch with friends, although the pandemic has made that feel less plausible than it used to be... but rather, having an attacker actively running an attack within 10s of feet of your table at the restaurant. What is your threat model that makes this plausible?! You must be super important to have attackers following you to lunch. Or maybe you like to eat at restaurants that do their best to harvest all visitor data, even going so far as to use cutting edge vulnerabilities?

The person you replied to literally said this should be fixed. I agree with them that this is nowhere near as serious as issues Apple has had before, since the attack requires physical proximity and the use of the share pane. Even then, it doesn’t give the attacker RCE privileges or anything similarly world shaking.

Should Apple fix it? Again, absolutely. No one has said otherwise.

Nothing is 100% secure, so the relative risk posed by vulnerabilities can only really be assessed with a threat model. In most threat models, this is nowhere near as bad as their “GOTO Fail” bug or any number of others over the years. I think celebrities and VIPs are essentially the only ones whose threat models would actually be impacted by this vulnerability in a plausible way.

… and do not use all of the other options for getting data from people in close proximity such as cameras or microcell sites. If your threat model goes far enough that this matters you should be more worried about all of the other options. I would be more worried about a Bluetooth, WiFi, or cellular exploit given the history.
(No, this is not saying that Apple shouldn’t improve this - only that it doesn’t seem like a huge change in the amount of risk you’re exposed to)