AirDrop bug in iOS and Mac
If you have not upgraded the operating system of your Apple device then I suggest you to do it soon because the new update of iOS and OS X also includes some security updates that also include the security update for a horrid bug. The bug can easily be exploited by the attacker to take the full access of your iPhone or Macs.
An Australian security researcher named Mark Dowd has revealed a solemn vulnerability in AirDrop (iOS and Mac’s over-the-air file sharing service that could be exploited easily.
How this exploit works?
The vulnerability can be exploited by anyone within the range of an AirDrop. Attacker can silently install the malicious app on the target device. This can be done by sending an AirDrop file to the target device which includes the rebooting of the device.
This bug is very critical that if a user refuse to receive the file even then malicious app will get installed on to the target device.
After the reboot of the device, malicious app gains the access of Springboard, Apple’s software that manage iOS home screen. This app fools the iPhone into believing that the app has the same rights as a normal app has. Some of these rights are Contacts, Camera, Location, Messages, etc.
A more notorious hacker can break into the other much more sensitive areas of the iOS, that can cause heavy damage to the users device.
“AirDrop bug can be used to target people wirelessly in close proximity. Also useful for lock-screen bypass,” Dowd, founder and director of Azimuth Security, tweeted.
Update your Device
It is recommended to upgrade your apple device to the latest operating system. Because the vulnerability effects every iOS version that supports AirDrop from iOS7 onwards and Mac OS X versions from Yosemite Onwards.
Apple has fixed this bug in its new iOS 9 by adding a sandbox to the AirDrop. This sandbox would prevent anyone from writing the files to some arbitrary locations via AirDrop.
Upgrading your iOS to iOS 9 and Mac OS X to OS X 10.11 El Capitan is the only way to prevent this attack. But this is still unclear when Apple will provide the complete patch to fix the issue.