Now-Fixed AirDrop Bug Let Anyone Lock-Up Nearby iPhones With Flood of Files

by

There was a serious AirDrop bug in iOS 13.2.3 that let attackers overwhelm nearby iPhones with files, causing them to lock up, reports TechCrunch. Apple addressed the bug in the iOS 13.3 update, and the details of how it works are now public.

AirDrop is designed to allow users to share files with one another, and depending on settings, it can be restricted to contacts, no one, or any nearby iPhone. Kishan Bagaria discovered the AirDrop bug in iOS 13.2.3, finding that he could lock up nearby iPhones that were able to accept files by flooding them with multiple files in a row.

airdropbug
When receiving an AirDrop file, an ‌iPhone‌ or iPad blocks the display until the incoming request is accepted or rejected. iOS did not limit the number of requests that a device can accept, so with repeated message requests, an attacker was able to send files over and over again to cause the iOS device to get stuck in a loop.

Devices with AirDrop set to "Everyone" were primarily vulnerable to the attack, which is not the default AirDrop setting. AirDrop is limited to Contacts, and the "Everyone" setting must be manually enabled.

As of now, though, the bug no longer works and Apple has limited the number of AirDrop messages that can be sent to an iOS device in quick succession. Given that this wasn't a traditional security vulnerability, Apple will not provide a common vulnerability and CVE score, but has instead acknowledged it in a separate section of the security support document.

Tag: AirDrop

Top Rated Comments

SVTmaniac Avatar
SVTmaniac
22 months ago
I don't know if I'd call it serious. More of an inconvenience if anything. First off you'd have to be dumb enough to leave your airdrop set to everyone and then someone would have to know about the bug to send files that basically annoy you more than anything. Not like they get data off your phone or cause it to brick.
Score: 5 Votes (Like | Disagree)
Nabby Avatar
Nabby
22 months ago

Shoot now I can’t mess with people in public like I use to do
This is how my teenage son passes the time while waiting in pubic...He will look for "open" AirDrop iPhones and send a picture of a fish. He doesn't flood the phone, just sends it once, and then looks to see who might have noticed. He now has learned to change is phone name when someone saw the picture was from "Joe's iPhone" and called out "Joe" looking for who might respond.:)

It's amazing the number of people you find who have AirDrop wide open at a place like Disney. :rolleyes:
Score: 5 Votes (Like | Disagree)
Jimmy Bubbles Avatar
Jimmy Bubbles
22 months ago
Looks like the old concept of IM-bombs hasn't died, only reincarnated. haha!
Score: 1 Votes (Like | Disagree)
MacBH928 Avatar
MacBH928
22 months ago
ahh...the old Windows 98 pop-up trick, strikes again.

Airdrop is great technology, I wish more people used it. I hardly hear anyone does especially that it is Apple only.
Score: 1 Votes (Like | Disagree)
roguedaemon Avatar
roguedaemon
22 months ago
Here’s a suggestion; make the AirDrop dialogue more versatile.
It’s just that one popover layer that forces you to interact with it.
That’s ok I guess, But if you get sent multiple files, which one gets priority?

I propose a new dialog which appears at the top of the screen like a normal notification. Once interacted with, it would show you all incoming connections, what they are and whether you want to accept or reject each transfer. More complicated but I think if done in the Apple way would be simple and useable.

What do you lads and ladies think?
Score: 1 Votes (Like | Disagree)
DeepIn2U Avatar
DeepIn2U
22 months ago

Shoot now I can’t mess with people in public like I use to do
LOL ... reminds me of 'bluetooth wardriving' way back in 2002. Go Transit .... key up a message on my Ericsson "Evening ... if you receive this message bring it to the driver for a month of free travel anywhere in the GTA" LMAO ... some cat in 1mins jump up and spoke to the driver for a lengthy 20mins LMAO! Nowadays kids would fled you with eggplant emoji (yet not the vegetable nor the emoji) :( fine lines between tom foolery vs harassment.
Score: 1 Votes (Like | Disagree)
Read All Comments

Top Stories

REC ASA CODE2016 20160601 205816 2745

Elon Musk Reportedly Demanded to Become Apple CEO as Part of Potential Tesla Acquisition [Update: Musk Denies]

Friday July 30, 2021 9:04 am PDT by
Tesla CEO Elon Musk reportedly once demanded that he be made Apple CEO in a brief discussion of a potential acquisition with Apple's current CEO, Tim Cook. The claim comes in a new book titled "Power Play: Tesla, Elon Musk and the Bet of the Century," as reviewed by The Los Angeles Times. According to the book, during a 2016 phone call between Musk and Cook that touched on the possibility of ...
Read Full Article249 comments
General Apps Messages

Android iMessage Competitor Puts Pressure on Apple

Friday July 30, 2021 3:15 am PDT by
Google and the three major U.S. carriers, including Verizon, AT&T, and T-Mobile, will all support a new communications protocol on Android smartphones starting in 2022, a move that puts pressure on Apple to adopt a new cross-platform messaging standard and may present a challenge to iMessage. Verizon recently announced that it is planning to adopt Messages by Google as its default messaging...
Read Full Article
iPhone 13 Always On Feature

iPhone 13 to Bring Over a Major Feature From the Apple Watch

Wednesday July 28, 2021 2:21 am PDT by
Apple's upcoming iPhone 13 lineup will feature an always-on display akin to the Apple Watch Series 5 and Series 6, according to recent reports. In his weekly Power On newsletter, Bloomberg journalist Mark Gurman, who often reveals accurate insights into Apple's plans, said that the iPhone 13 may feature an Apple Watch-inspired always-on mode. The Apple Watch Series 5 and Apple Watch...
Read Full Article
duracell battery bitter coating

Apple Says Don't Buy AirTag Replacement Batteries With Bitter Coating

Wednesday July 28, 2021 11:08 am PDT by
Since AirTags were just released earlier this year and are expected to have a year-long battery life, it may be some time yet before AirTag users need a replacement battery, but when the time comes for a refresh, Apple is warning customers not to buy batteries with a bitter coating. AirTags use coin-shaped CR2032 batteries, which happen to be a size that's easy to swallow. Some battery...
Read Full Article170 comments
a15 chip

iPhone 13 and Redesigned MacBook Pro Chip Production Hit With Gas Contamination

Friday July 30, 2021 5:44 am PDT by
The most important TSMC factory that manufactures Apple's chips destined for next-generation iPhone and Mac models has been hit by a gas contamination, according to Nikkei Asia. The factory, known as "Fab 18," is TSMC's most advanced chipmaking facility. TSMC is Apple's sole chip supplier, making all of the processors used in every Apple device with a custom silicon chip. Industry...
Read Full Article113 comments
apple rtp land

Apple Preparing to Occupy 200,000 Square Feet of Temporary Space Ahead of New $1 Billion North Carolina Campus

Thursday July 29, 2021 9:14 am PDT by
Back in April, Apple announced a $430 billion investment over the next five years to create more than 20,000 new jobs as the company continues to expand. One significant piece of that plan is a new engineering and research center in North Carolina where Apple will be investing over $1 billion and hiring at least 3,000 employees. Assemblage of seven properties in Research Triangle Park owned by ...
Read Full Article84 comments
Apple Leak Feature

Apple Demands Leaker Reveals Sources Under Threat of Being Reported to Police

Wednesday July 28, 2021 6:53 am PDT by
Apple has sent a cease and desist letter to a leaker based in China as part of its continuing attempts to curtail leaks of unreleased products, according to Vice. A Chinese citizen who shared images of stolen Apple prototypes on social media was sent a warning letter from Fangda Partners, Apple's law firm in China, on June 18, 2021. An extract from the letter read:You have disclosed without ...
Read Full Article113 comments
macos monterey tidbits feature copy

Apple Releases New macOS 12 Monterey Public Beta

Wednesday July 28, 2021 10:19 am PDT by
Apple today seeded the third public beta of the macOS 12 Monterey beta to public beta testers, allowing non-developers to test the new macOS Monterey software ahead of its public release. The third beta comes two weeks after Apple released the second macOS Monterey public beta. Public beta testers can download the macOS 12 Monterey update from the Software Update section of the System...
Read Full Article70 comments
iOS 15 General Feature Purple

Apple Releases New Public Betas of iOS 15, iPadOS 15, watchOS 8, and tvOS 15

Wednesday July 28, 2021 10:16 am PDT by
Apple today seeded the third betas of iOS and iPadOS 15 to public beta testers, allowing non-developers to download and test the new updates ahead of their fall release. The third public betas come two weeks after Apple released the second public betas. Public beta testers who have signed up for Apple's beta testing program can download the iOS and iPadOS 15 updates over the air after...
Read Full Article20 comments
nothing ear 1 buds 1

Nothing 'Ear (1)' True Wireless Earbuds Launch to Take on AirPods Pro With ANC and Unusual Design for $99

Tuesday July 27, 2021 7:57 am PDT by
Nothing, a new brand from OnePlus founder Carl Pei, has today officially launched the "Ear (1)" true wireless earbuds after months of anticipation around the company's AirPods Pro rival. The Ear (1) features an in-ear design, Active Noise Cancelation, Bluetooth 5.2, IPX4 water resistance, and a charging case with Qi-compatible wireless charging and a USB-C port. Fast pairing is supported on...
Read Full Article131 comments