iOS 9 Will Address AirDrop Vulnerability
Malicious applications can be silently installed on millions of Apple devices, replacing legitimate apps – thanks to a vulnerability tied to the popular file-transfer feature AirDrop.
iOS 9 will be released for all current iPhones and iPads at 6pm BST on 16 September – and you’ll want to upgrade immediately. “The user has to unlock the phone to accept or decline it. It does NOT matter whether they accept it or not to trigger this bug – the exploit has already happened by the time the notification is sent to the user”, Dowd said via email.
The new features and polished UI are something to look forward to, but iOS 9 will also address an AirDrop vulnerability that has been discovered and that allows hackers to insert malware into iOS devices. After gaining access, the attacker would then wait until the iPhone was next rebooted and begin implanting malware.
That chain of security flaws adds up to a rarely seen risk for Apple’s almost malware-free mobile operating system. According to Dowd, “The [malware] app is restricted by its sandbox”. Apple has designed its system so that individual apps have limited access to user data.
AirDrop is not activated by default, but it is a popular feature that many Apple customers use. Fortunately, merely installing iOS 9 should fix the problem.
Dowd was able to use his own Apple enterprise certificate to create a test app that could be run on any device.
The attack is possible because of two existing security holes in iOS.
This means it could be performed in public areas, such as coffee shops, stores, public transit or any other area where the phone is within wireless reach of the attacker. Its threat still falls short, however, of the critical Stagefright exploit for Android, for instance, which allowed phones to be compromised by text message. But he went on to say that the underlying bug still hasn’t been fixed.
A new Bluetooth vulnerability in iOS 8.4.1 allows attackers to install malicious apps on victims’ iPhones through AirDrop. That Bluetooth band-aid is far better than walking around with a device left open to an invisibly AirDropped infection.