The new features and polished UI are something to look forward to, but iOS 9 also appears to address an AirDrop vulnerability that allows hackers to insert malware into iOS devices.
The attack allows a potential hacker to install malicious apps on iPhones and Macs via their Bluetooth-enabled AirDrop file-sharing feature. The apps the technique installs don’t generate a dialog that warns the end user that the app is signed by a third party and asks for approval to proceed.
Apple’s iOS 9 update is scheduled for release to the public at 1 p.m. ET today. Worst of all, even if a victim tries to reject the incoming AirDrop file, the bug lets attackers tweak the iOS settings so the exploit will still work.
That chain of security flaws adds up to a rarely seen risk for Apple’s almost malware-free mobile operating system. Apple has designed its system so that individual apps have limited access to user data.
“The [malware] app is restricted by its sandbox,” Dowd told Forbes.
The vulnerability also affects MacBook owners, so make sure your OS X software is up to date as well.
The good news is that, as we said, iOS 9 appears to have fixed the vulnerability. Hackers use the attack to enter sections of iOS they shouldn’t have access to, but Dowd found it’s possible to exploit AirDrop, and then alter files so that iOS will accept any software with an Apple enterprise certificate. “In the meantime, the obvious advice is to disable AirDrop completely.”
Dowd says that a potential hacker could silently scout for iPhone users with AirDrop enabled within Bluetooth range (say, in a crowded place like a train or mall) and start planting malicious programs on their phones or MacBooks. If a user has AirDrop set to allow connections from anyone, not just her contacts, an attacker could exploit the vulnerability on a default locked iOS device. But the ability to attack phones wirelessly puts it well beyond the lockscreen bypass vulnerabilities that have plagued Apple in the past. That Bluetooth band-aid is far better than walking around with a device left open to an invisibly AirDropped infection.