AirDrop exploit allows installation of iOS malware (but your fix is incoming)

Advertisement

For the past couple years now, Apple’s allowed iOS and OS X devices to easily share files with other units in their proximity, thanks to the company’s AirDrop protocol. Unfortunately, users who have AirDrop enabled may have inadvertently put their systems at risk, as news of a new exploit arrives – one capable of bypassing normal system protections and allowing for the installation of possibly malicious apps.

The hack is triggered when an attacker sends an AirDrop payload to the target device – much like the recent Android Stagefright exploit and MMS, there’s no direct user interaction required – you don’t have to open an infected file or anything. Instead, simply receiving the payload is enough, and its nasty bits are activated the next time the target device is reset.

When that happens, the payload can access the iOS file system, install its own app-signing certificate, and subsequently load malware that your phone or tablet now thinks is legitimate. From there, an attacker can disguise that malware as a familiar system app, tricking you into running it.

Sound bad? Luckily, a fix is nearly within reach: while some of the holes this attack takes advantage of will remain, a key file-access issue is resolved with the arrival of iOS 9, immediately taking the teeth out of this exploit. And with that update hitting the public at large in under an hour, your iOS devices will soon be safe.

Source: Forbes
Via: BGR

Share This Post
Advertisement
What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bitsRead more about Stephen Schenck!