iOS 9 will fix a massive iOS vulnerability that silently lets malware apps inside the iPhone

September 16th, 2015 at 7:45 AM
iOS 9 Security Fix AirDrop Malware

Apple will release the final version of iOS 9 later today, and the software update will bring several new features and performance improvements. On top of that, the new release will fix a massive iOS vulnerability that would allow a third party to gain control of a user’s iPhone. The bug also affects Macs, and will be squashed in the upcoming El Capitan release (set to launch on September 30th).

According to Azimuth Security researcher Mark Dowd, anyone within range of an AirDrop user would be able to install malware on a target device and then use the program for various malicious purposes. AirDrop is a feature that lets users quickly transfer files between iOS and Mac devices.

All the while, the user would not suspect anything, even if he or she rejects an incoming AirDrop transfer from an unknown contact.

To initiate the attack, all a hacker has to do is send a file via AirDrop to an iOS or OS X user running iOS 7 or later, or Yosemite, respectively. It doesn’t even matter whether the recipient accepts the incoming transfer, as the malware attack is initiated either way.

The hacker would then have to wait patiently for the user to reset the iPhone or Mac for any reason so that the malware app can be installed. How can a non-App Store app be installed that easily, you ask? Well, the hacker would use an Apple certificate to sign it, fooling the OS into believing it’s a genuine piece of software, the kind that enterprises would release to their fleet of Apple devices.

“The [malware] app is restricted by its sandbox,” Dowd told Forbes. “However since you sign the app, you can grant some entitlements that allow it to do things like read contacts, get location information, use the camera or whatever other entitlements legitimate apps can be allowed to have.”

The video below shows the attack in action, with Dowd replacing the Phone app on the iPhone with an app of his choosing.

iOS 9 and OS X 10.11 fix the problem, so get them as soon as possible. You can also turn off AirDrop when you’re not using it to avoid such issues, especially if you don’t plan to, or can’t, update to the latest iPhone and Mac software versions.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.
