AirDrop exploit allows installation of iOS malware (but your fix is incoming)
For the past couple years now, Apple’s allowed iOS and OS X devices to easily share files with other units in their proximity, thanks to the company’s AirDrop protocol. Unfortunately, users who have AirDrop enabled may have inadvertently put their systems at risk, as news of a new exploit arrives – one capable of bypassing normal system protections and allowing for the installation of possibly malicious apps.
The hack is triggered when an attacker sends an AirDrop payload to the target device – much like the recent Android Stagefright exploit and MMS, there’s no direct user interaction required – you don’t have to open an infected file or anything. Instead, simply receiving the payload is enough, and its nasty bits are activated the next time the target device is reset.
When that happens, the payload can access the iOS file system, install its own app-signing certificate, and subsequently load malware that your phone or tablet now thinks is legitimate. From there, an attacker can disguise that malware as a familiar system app, tricking you into running it.
Sound bad? Luckily, a fix is nearly within reach: while some of the holes this attack takes advantage of will remain, a key file-access issue is resolved with the arrival of iOS 9, immediately taking the teeth out of this exploit. And with that update hitting the public at large in under an hour, your iOS devices will soon be safe.