An arbitrary file upload vulnerability has been discovered in an iOS app that allows an attacker to deliver a malicious package during a file transfer operation. The app is Photos in Wi-Fi v1.0.1, and the vulnerability, discovered by the Vulnerability Laboratory Research Team, allows remote attackers to upload a malicious file to the iOS device, which could compromise the security of the iOS Wi-Fi app and allow the attacker to take control. The vulnerability is triggered when the user tries to upload a file from their ‘Camera Roll’ to the app. Remote attackers are able to intercept the name of the file and use a live session to change the `filename` value to a web-based SSH connection and upload a malicious arbitrary file. Once the SSH connection is active, the attacker uses the uploaded file to request an `asset.php` file, which executes the stored malicious file and allows the attacker to gain access to the iOS app.
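The weakness described above is that the upload handler trusts the client-supplied `filename` value. The following sketch is an added example, not code from the app or the advisory, showing the receiving-side check that closes it: the stored name is generated by the server and the content must match an allowed image type. The function and class names are hypothetical, and Python is used only for illustration.

```python
import os
import secrets

# Magic-byte signatures for the only types a photo-transfer upload should accept.
SIGNATURES = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
}

# Constructed sample inputs for the example.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLE_SCRIPT = b"<?php echo 1; ?>"


class RejectedUpload(ValueError):
    """Raised when an upload does not look like an allowed image."""


def detect_extension(data: bytes):
    """Return the extension implied by the file content, or None."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def stored_name_for(client_filename: str, data: bytes) -> str:
    """Return the name to store an upload under (hypothetical helper).

    The client-supplied filename is only compared against the detected
    type; it never becomes part of the stored path.
    """
    ext = detect_extension(data)
    if ext is None:
        raise RejectedUpload("content is not JPEG or PNG")
    # Keep only the last path component, whichever separator was used.
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    claimed = os.path.splitext(base)[1].lower()
    if claimed == ".jpeg":
        claimed = ".jpg"
    if claimed != ext:
        raise RejectedUpload(f"claimed extension {claimed!r} does not match content")
    # Random server-side name: a tampered filename cannot choose the path.
    return secrets.token_hex(16) + ext
```

Storing uploads outside any directory from which the web server executes scripts is the complementary control; the check above only decides what is accepted and under which name.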