将蓝牙设备变成无根特权的Apple Airtag

将蓝牙设备变成无根特权的Apple Airtag
Turning a Bluetooth device into an Apple AirTag without root privileges

这项工作得到了美国国家科学基金会（NSF）的部分支持，该基金会根据CNS-2304720，CNS-2310322，CNS-2309550和CNS-2309477支持。英联邦网络倡议（CCI）也部分支持它。作者对匿名审稿人和牧羊人的宝贵反馈和建议表示感谢。我们还感谢Google Earth的图形中使用的地图瓷砖。此外，我们感谢Apple安全团队的帮助，以迅速做出回应和认可。苹果最近在iOS 18.2，Visionos 2.2，iPados 17.7.3，18.2，WatchOS 11.2，TVOS 18.2，Macos Ventura 13.7.2，Sonoma 14.7.2，Sequoia 15.2固定脆弱性。但是，只要未插入的iPhone或Apple手表处于运行我们的特洛伊木马的计算机附近，攻击仍然有效。

AirPods快速连接安全漏洞 2024-07-01

Apple 和 Google 为 iOS 和 Android 中不需要的跟踪警报提供支持 2024-05-15

（评论） 2024-07-01

（评论） 2024-04-16

原文

This work was supported in part by the US National Science Foundation (NSF) under grants CNS-2304720, CNS-2310322, CNS-2309550, and CNS-2309477. It was also supported in part by the Commonwealth Cyber Initiative (CCI). The authors extend their gratitude to the anonymous reviewers and shepherd for their invaluable feedback and suggestions. We also acknowledge Google Earth for the map tiles used in our figures.

In addition, we appreciate the help from the Apple Security Team for their prompt responses and acknowledgement. Apple recently released patches in iOS 18.2, visionOS 2.2, iPadOS 17.7.3, 18.2, watchOS 11.2, tvOS 18.2, macOS Ventura 13.7.2, Sonoma 14.7.2, Sequoia 15.2 to fix the vulnerability. However, the attack remains effective as long as unpatched iPhones or Apple Watches are in the proximity of the computer running our trojan.

Model retrieval

将蓝牙设备变成无根特权的Apple Airtag Turning a Bluetooth device into an Apple AirTag without root privileges

将蓝牙设备变成无根特权的Apple Airtag
Turning a Bluetooth device into an Apple AirTag without root privileges