Apple’s Airdrop service, which allows users to transfer files wirelessly between iOS and OSX devices, seem to have a potentially dangerous vulnerability.
It is the Australian security researcher Mark Dowd who has informed magazine Forbes about the vulnerability – and it appears to be quite critical. According to Dowd, anyone who is within reach for airdrops (around ten meters, that is) to install malware on the device in question. Worse, even if the recipient rejects the attempt to embed malware, the attacker can still gain access to change your phone settings.
Read also: Mysterious spyware frames iOS devices
Dowd believes that it is possible to utilize airdrops and then change the configuration files to make iOS can accept all software signed with Apple’s certificate. Such certificates are often used to bypass the security of Apple, especially in “jailbreaking.” This method makes it possible to trick the iPhone into thinking that his or her certificate comes from a user that is actually certified and trusted. When the hacker inside, he can install malware in the folder where third party applications are added, and it is even possible to replace the built-in apps in your iPhone with others.
Best updating
It may result in the attacker getting access to sensitive data contained within the apps, although applications are protected by being packed into separate “containers”.
It is one pretty safe way to fix error, and it is to update to the latest Apple software, says Dowd. iOS 9, which is now available, adding airdrops in a separate “sandbox”, making it impossible to write files to other locations within the operating system through the service.
The vulnerability involves the way both iOS 8 and iOS 7 – so it is essential to upgrade.
Read also: Do not trust the Outlook apps
Users of Mac should upgrade to OS X El Capitan to block the vulnerability on Apple computers. This new version of the operating system will not, however, until 30 September.
To disable Airdrop is incidentally also a fully relevant alternative.
No comments:
Post a Comment