The mobile operating system must not automatically execute applications without user direction.


Overview

Finding ID: V-32951
Version: SRG-OS-000035-MOS-000012
Rule ID: SV-43349r1_rule
IA Controls:
Severity: High
Description
Auto execution vulnerabilities can result in malicious programs being automatically executed. Examples of information system functionality providing the capability for automatic execution of code are Auto Run and Auto Play. Auto Run and Auto Play are components of the Microsoft Windows operating system that dictate what actions the system takes when a drive is mounted. This requirement is designed to address vulnerabilities that arise when mobile devices are automatically mounted and applications are automatically invoked without user knowledge or acceptance. Applications that can be executed without user (or mobile device management) direction may be used to access sensitive information or otherwise compromise system integrity to launch subsequent attacks. Requiring the user to take action to permit the execution of an application makes it more likely that malware will be identified and kept off mobile devices.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text (C-41252r1_chk)
Review the mobile operating system configuration to determine if automatic execution is disabled. If applications are able to execute without user or mobile device management direction, this is a finding.
Fix Text (F-36866r1_fix)
Modify the operating system configuration to disable automatic execution of applications on the device without user or mobile device management direction.