Versions prior to the latest Apple OS version, the newborn iOS 9, are affected by a serious AirDrop Bug. The AirDrop Bug could be exploited by hackers to take full control of Apple iPhone or Mac machines.
The AirDrop Bug has been disclosed by the Australian security researcher Mark Dowd, AirDrop is a proprietary service that enables the transfer of documents among supported Macintosh computers and iOS devices.
The AirDrop bug allows anyone within the range of an AirDrop user to silently install a malware on the targeted Apple device by sending an AirDrop file which causes rebooting of the target. The vulnerability affects iOS versions supporting the AirDrop from iOS 7 onwards, as well as Mac OS X versions from Yosemite onwards.
The principal problem for Apple users is that an attacker can exploit the AirDrop bug even if the victim rejects the incoming file sent over AirDrop.
After rebooting the device, the malware gains access to Springboard, the Apple’s software to manage iOS home screen, allowing the malicious app to masquerade the rights granted to the bogus application.
These rights include access to:
It is clear that by having access to the above features of the phone, the attacker can fully compromise the victim’s device.
Below a video PoC of the AirDrop bug exploitation published by Dowd, the video shows an attack on an iPhone running iOS 8.4.1.
The AirDrop bug has been fixed in the last iOS 9 that comes with a sandbox mechanism implemented by Apple that block attackers for writing files to arbitrary locations on the device via AirDrop service.
Waiting for a complete patch to fix the issue, Apple users urge to Update to iOS 9 and Mac OS X EI Capitan, which are in imminent outgoing.
(Security Affairs – Hacking, Apple Airdrop bug)
Security Affairs Malware newsletter includes a collection of the best articles and research on malware…
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…
Chinese "kill switches" found in Chinese-made power inverters in US solar farm equipment that could…
FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S.…
Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver…
This website uses cookies.
