Update your devices to iOS 13.3 to avoid this AirDrop flaw [Video]

Apple released iOS 13.3 and iPadOS 13.3 to the public today. In addition to the new features and customization options we detailed earlier, the update also includes an important security fix for an AirDrop vulnerability that allowed an attacker to “remotely render any nearby iPhone or iPad unusable.”



The vulnerability was discovered by Kishan Bagaria, who reported it to Apple in August. Apple acknowledged that it was working on a fix for the vulnerability in November, and asked that Bagaria not disclose the issue until iOS 13.3 was released to the public.

The denial-of-service bug in question allowed an attacker to spam all nearby iOS devices with files via AirDrop. Because the AirDrop popup takes over the full iOS and iPadOS UI, users are forced to either accept or decline the AirDrop request. As a result, while an attacker spams someone with AirDrop notifications, that person can no longer do anything on their iPhone or iPad.

Here’s how Bagaria describes the denial-of-service bug:

“I discovered a denial-of-service bug in iOS that I’m calling AirDoS that lets an attacker infinitely spam all nearby iOS devices with the AirDrop share popup. This share popup actually blocks the UI so the device owner won’t be able to do anything on the device except Accept/Decline the popup, which will keep reappearing. It will persist even after locking/unlocking the device.”

iOS 13.3 and iPadOS 13.3, released today, fix this vulnerability. Bagaria says that Apple’s solution was to implement a rate limit. This means that after you decline an AirDrop request from the same device three times, iOS will automatically decline any subsequent requests.
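
A small model of the receiving-side rate limit described above, as an added example (not Apple's code and not from Bagaria's write-up), comparing how many blocking popups a user sees with and without the limit. The class, function and sender names are hypothetical; the article does not say how iOS identifies a sender or when the count resets, so this model keys on an opaque ID and never resets.

```python
from collections import defaultdict

DECLINE_LIMIT = 3  # from the article: three declines from the same device


class SharePromptGate:
    """Decides whether an incoming share request reaches the user as a popup."""

    def __init__(self, decline_limit=None):
        # decline_limit=None models the pre-fix behaviour: every request prompts.
        self.decline_limit = decline_limit
        self.declines = defaultdict(int)  # opaque sender id -> user declines
        self.prompts_shown = 0            # blocking popups the user had to answer
        self.auto_declined = 0            # requests dropped without any UI

    def incoming(self, sender_id):
        """Handle one request; the modelled user declines every popup."""
        limited = self.decline_limit is not None
        if limited and self.declines[sender_id] >= self.decline_limit:
            self.auto_declined += 1
            return "auto-declined"
        self.prompts_shown += 1
        self.declines[sender_id] += 1
        return "declined"


def simulate(requests, decline_limit):
    """Replay a request stream and return (prompts_shown, auto_declined)."""
    gate = SharePromptGate(decline_limit)
    for sender_id in requests:
        gate.incoming(sender_id)
    return gate.prompts_shown, gate.auto_declined


# Constructed sample stream: 50 requests from one repeating sender and
# 2 from a second, unrelated sender mixed in.
STREAM = ["device-A"] * 25 + ["device-B"] + ["device-A"] * 25 + ["device-B"]

if __name__ == "__main__":
    print("no limit:  ", simulate(STREAM, None))
    print("with limit:", simulate(STREAM, DECLINE_LIMIT))
```

Because the count is kept per sender, the second sender's requests still reach the user after the first sender has been cut off.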

You can find the full details of the bug on Bagaria’s blog.

Author: Chance Miller
Source: 9TO5Mac
