MobileNews

Update your devices to iOS 13.3 to avoid this AirDrop flaw [Video]

Apple released iOS 13.3 and iPadOS 13.3 to the public today. In addition to the new features and customization options we detailed earlier, the update also includes an important security fix for an AirDrop vulnerability that allowed an attacker to “remotely render any nearby iPhone or iPad unusable.”



The vulnerability was discovered by Kishan Bagaria, who reported it to Apple in August. Apple acknowledged that it was working on a fix for the vulnerability in November, and asked that Bagaria not disclose the issue until iOS 13.3 was released to the public.

The denial-of-service bug in question allowed an attacker to spam all nearby iOS devices with files via AirDrop. Because the AirDrop popup takes over the full iOS and iPadOS UI, users are forced to either accept or decline the AirDrop request. Therefore, as an attacker spams someone AirDrop notifications, that person can no longer do anything on their iPhone or iPad.

You can see a video of the bug in action below. Here’s how Bagaria describes the denial-of-service bug:

I discovered a denial-of-service bug in iOS that I’m calling AirDoS that lets an attacker infinitely spam all nearby iOS devices with the AirDrop share popup. This share popup actually blocks the UI so the device owner won’t be able to do anything on the device except Accept/Decline the popup, which will keep reappearing. It will persist even after locking/unlocking the device.

iOS 13.3 and iPadOS 13.3, released today, fix this vulnerability. Bagaria says that Apple’s solution was to implement a rate limit. This means that after you decline an AirDrop request from the same device three times, iOS will automatically decline any subsequent requests.

You can find the full details of the bug on Bagaria’s blog.

Check out the latest Apple iPhones at great prices from Gizmofashion – our recommended retail partner.


Author: Chance Miller
Source: 9TO5Mac

Related posts
AI & RoboticsNews

Nvidia and DataStax just made generative AI smarter and leaner — here’s how

AI & RoboticsNews

OpenAI opens up its most powerful model, o1, to third-party developers

AI & RoboticsNews

UAE’s Falcon 3 challenges open-source leaders amid surging demand for small AI models

DefenseNews

Army, Navy conduct key hypersonic missile test

Sign up for our Newsletter and
stay informed!