iOS 9 will fix a massive iOS vulnerability that silently lets malware apps inside the iPhone

September 16th, 2015 at 7:45 AM
iOS 9 Security Fix AirDrop Malware

Apple will release the final version of iOS 9 later today, and the software update will bring several new features and performance improvements. On top of that, the new release will fix a massive iOS vulnerability that would allow a third party to gain control of a user’s iPhone. The bug also affects Macs, and will be squashed in the upcoming El Capitan release (set to launch on September 30th).


According to Azimuth Security’s researcher Mark Dowd, anyone within range of an AirDrop user would be able to install malware on a target device and then use the program for various malicious purposes. AirDrop is a feature that lets users quickly transfer files between iOS and Mac devices.

All the while, the user would not suspect anything, even if he or she rejects an incoming AirDrop transfer from an unknown contact.

To initiate the attack, all a hacker has to do is send a file via AirDrop to an iOS user running iOS 7 or later, or to an OS X user running Yosemite. It doesn’t even matter whether the recipient accepts the incoming transfer; the attack is initiated either way.

The hacker would then have to wait patiently for the user to reset the iPhone or Mac for any reason so that the malware app can be installed. How can a non-App Store app be installed that easily, you ask? Well, the hacker would use an Apple certificate to sign it, fooling the OS into believing it’s a genuine piece of software, the kind that enterprises would release to their fleet of Apple devices.

“The [malware] app is restricted by its sandbox,” Dowd told Forbes. “However since you sign the app, you can grant some entitlements that allow it to do things like read contacts, get location information, use the camera or whatever other entitlements legitimate apps can be allowed to have.”

The video below shows the attack in action, with Dowd replacing the Phone app on the iPhone with an app of his choosing.

iOS 9 and OS X 10.11 fix the problem, so get them as soon as possible. You can also turn off AirDrop when you’re not using it to avoid such issues, especially if you don’t plan to, or can’t, update to the latest iPhone and Mac software versions.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.
