Now-Fixed AirDrop Bug Let Anyone Lock-Up Nearby iPhones With Flood of Files
There was a serious AirDrop bug in iOS 13.2.3 that let attackers overwhelm nearby iPhones with files, causing them to lock up, reports TechCrunch. Apple addressed the bug in the iOS 13.3 update, and the details of how it works are now public.
AirDrop is designed to allow users to share files with one another, and depending on settings, it can be restricted to contacts, no one, or any nearby iPhone. Kishan Bagaria discovered the AirDrop bug in iOS 13.2.3, finding that he could lock up nearby iPhones that were able to accept files by flooding them with multiple files in a row.
When receiving an AirDrop file, an iPhone or iPad blocks the display until the incoming request is accepted or rejected. iOS did not limit the number of requests that a device can accept, so with repeated message requests, an attacker was able to send files over and over again to cause the iOS device to get stuck in a loop.
Devices with AirDrop set to "Everyone" were primarily vulnerable to the attack, which is not the default AirDrop setting. AirDrop is limited to Contacts, and the "Everyone" setting must be manually enabled.
As of now, though, the bug no longer works and Apple has limited the number of AirDrop messages that can be sent to an iOS device in quick succession. Given that this wasn't a traditional security vulnerability, Apple will not provide a common vulnerability and CVE score, but has instead acknowledged it in a separate section of the security support document.
Popular Stories
Apple is ending its credit card partnership with Goldman Sachs, according to The Wall Street Journal. Apple plans to stop working with Goldman Sachs in the next 12 to 15 months, and it is not yet clear if Apple has established a new partnership for the Apple Card. Apple and Goldman Sachs will dissolve their entire consumer partnership, including the Apple Card and the Apple Savings account....
Apple is wrapping up development on iOS 17.2, with the update expected to come out in December. While we're getting to the end of the beta testing period, Apple is still tweaking features and adding new functionality. We've rounded up everything new in the fourth beta of iOS 17.2. Default Notification Sound Under Sounds & Haptics, there's a new "Default Alerts" section that allows you to ...
Apple with iOS 17.1 and watchOS 10.1 introduced a new NameDrop feature that is designed to allow users to place Apple devices near one another to quickly exchange contact information. Sharing contact information is done with explicit user permission, but some news organizations and police departments have been spreading misinformation about how NameDrop functions. As noted by The Washington...
At WWDC in June 2022, Apple previewed the next generation of CarPlay, promising deeper integration with vehicle functions like A/C and FM radio, support for multiple displays across the dashboard, increased personalization, and more. Apple's website still says the first vehicles with support for the next-generation CarPlay experience will be announced in "late 2023," but it has not shared...
Apple will likely release iOS 17.1.2 this week, based on mounting evidence of the software in our website's analytics logs in recent days. As a minor update, iOS 17.1.2 should be focused on bug fixes, but it's unclear exactly which issues might be addressed. Some users have continued to experience Wi-Fi issues on iOS 17.1.1, so perhaps iOS 17.1.2 will include the same fix for Wi-Fi...
Apple is discontinuing in-house modem development after several unsuccessful attempts to perfect its own custom 5G modem chip, according to unconfirmed reports coming out of Asia. According to the operator of news aggregator account "yeux1122" on the Naver blog, supply chain sources related to Apple's 5G modem departments claim that the company's attempts to develop its own modem have...
As the end of 2023 nears, now is a good opportunity to look back at some of the devices and accessories that Apple discontinued throughout the year. Apple products discontinued in 2023 include the iPhone 13 mini, 13-inch MacBook Pro, MagSafe Battery Pack, MagSafe Duo Charger, and leather accessories. Also check out our lists of Apple products discontinued in 2022 and 2021. iPhone Mini ...
Google Drive users have been warned not to disconnect their account within the Google Drive for desktop app, after a spate of reports of files going missing from the cloud service. Alarm bells began ringing last week on Google's community support site when some users reported files mysteriously disappearing from Google Drive, with some posters claiming six or more months of data had...
Top Rated Comments
It's amazing the number of people you find who have AirDrop wide open at a place like Disney. :rolleyes:
Airdrop is great technology, I wish more people used it. I hardly hear anyone does especially that it is Apple only.
It’s just that one popover layer that forces you to interact with it.
That’s ok I guess, But if you get sent multiple files, which one gets priority?
I propose a new dialog which appears at the top of the screen like a normal notification. Once interacted with, it would show you all incoming connections, what they are and whether you want to accept or reject each transfer. More complicated but I think if done in the Apple way would be simple and useable.
What do you lads and ladies think?