Comment: iOS Bug In AirDrop Let Anyone Temporarily Lock-up Nearby iPhones

It has been reported that Apple has fixed a bug in iOS 13.3, out yesterday, which let anyone temporarily lock users out of their iPhones and iPads by forcing their devices into an inescapable loop. Kishan Bagaria found a bug in AirDrop, which allows users to share files between iOS devices. He found the bug let him repeatedly send files to all devices able to accept files within wireless range of an attacker. When a file is received, iOS blocks the display until the file is accepted or rejected. But because iOS didn’t limit the number of file requests a device can accept, an attacker can simply keep sending files again and again, repeatedly displaying the file accept box, which causes the device to get stuck in a loop. 

 


EXPERTS COMMENTS
Jonathan Knudsen, Senior Security Strategist ,  Synopsys
December 11, 2019
For manufacturers such as Apple, finding and fixing as many vulnerabilities as possible before release is ideal.
Software security is all about protecting confidentiality, integrity, and availability. In this case, the convenience of the AirDrop feature is hijacked to deny the availability of the entire iPhone. Given the complexity of iOS and the app ecosystem, it's inevitable that vulnerabilities such as this will continue to be found and fixed. For manufacturers such as Apple, finding and fixing as many vu ....
[Read More >>]

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :




In this article