iOS Simulator MCP Server Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the iOS Simulator MCP Server in versions prior to 1.3.3. It arises from the server's tool definition and implementation, which handle user input improperly by concatenating it into a command string that is run through an unsafe Node.js child process API. The exposed tool 'ui_tap' accepts user input for the 'duration', 'udid', 'x', and 'y' arguments; because these values are not validated, shell meta-characters in them can redirect execution from the intended 'idb' command to potentially harmful commands. Exploitation involves injecting payloads that are interpreted by the shell, leading to the execution of arbitrary commands on the host system.

Impact

Exploitation of this vulnerability allows for user-initiated and remote command injection on the host running the MCP Server.

Reproduction

To reproduce this vulnerability, send a request to the 'ui_tap' tool with injected payloads in the 'duration', 'udid', 'x', or 'y' arguments that include shell meta-characters. The injected command will be executed on the host system, bypassing the intended command structure.

Remediation

Users are advised to update to version 1.3.3 or later, where this vulnerability has been fixed.

Added: Jun 26, 2025, 2:53 PM
Updated: Jun 26, 2025, 2:53 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.