Can't wait for details on how Apple is handling the new mirroring feature via continuity... I get that iCloud accounts are harder to take over than they used to be, and that a lot of the good stuff in an iCloud account is still protected by things like device lock codes... but... still.
If you can pop shell on someone's Macbook and piggyback on that machine's access onwards to an iOS device, that's a pretty significant change. And iCloud to RCE on macOS is achievable, right? Do we know?
Apple says this is wireless access... is it via BT? Or via wifi/IP?
Adam really had the right question this week -- does Apple think there's a security boundary between different devices within an iCloud account? And if there is, what does that boundary look like now there's pointy-clicky access from macOS->iOS?
I try to keep my phone as isolated from my desktop systems as possible... that's gonna get harder and harder.
=> More informations about this toot | View the thread | More toots from riskybusiness@infosec.exchange
text/geminiThis content has been proxied by September (ba2dc).