SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
18 Sep 2015

AirDrop bug in iOS and OSX allows hackers to install malware

With the launch of iOS 9, Apple gave us an ultimate reason to upgrade our Apple devices to its new operating system.

The latest iOS 9 includes a security update for a nasty bug that could be exploited to take full control of your iPhone or Macs, forcing most of the Apple users to download the latest update.

Australian security researcher Mark Dowd has disclosed a serious vulnerability in AirDrop, Apple's over-the-air file sharing service built into iOS and Mac OS X. How the Attack Works? The vulnerability allows anyone within the range of an AirDrop user to silently install a malicious app on a target Apple device by sending an AirDrop file which involves rebooting of the target device.

An attacker can exploit this critical bug even if the victim rejects the incoming file sent over AirDrop. After rebooting takes place, the malicious app gains access to Springboard, Apple's software to manage iOS home screen, allowing the app to fool the victim’s iPhone into believing the malicious app has the same rights as a normal app.

These rights include access to:

  • Contacts
  • Camera
  • Location
  • Messages
  • and many more…

…that could allow a more illustrious hacker to break into other sensitive areas of the Apple's operating system, causing severe damage to the victim's device.

"AirDrop bug can be used to target people wirelessly in close proximity. Also useful for lock-screen bypass," Dowd, founder and director of Azimuth Security, tweeted.

Dowd also provided a video demonstration (you can watch below) showing the real time attack on his iPhone running iOS 8.4.1. The vulnerability affects any iOS versions supporting AirDrop from iOS 7 onwards, as well as Mac OS X versions from Yosemite onwards.

Update to iOS 9 and Mac OS X EI Capitan

Apple has responded to the vulnerability by adding a sandbox to AirDrop in iOS 9 that would prevent anyone from writing files to arbitrary locations on the device via AirDrop service. However, it isn't clear when Apple will provide a complete patch to fix the issue. So the only way to prevent this attack, for now, is by upgrading your devices to iOS 9 and OS X 10.11 El Capitan, which won't roll out before September 16 and 30 respectively.

Tags:
information leaks AirDrop iOS OS X
Source:
The Hacker News
2125
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015