Now-Fixed AirDrop Bug Let Anyone Lock-Up Nearby iPhones With Flood of Files
There was a serious AirDrop bug in iOS 13.2.3 that let attackers overwhelm nearby iPhones with files, causing them to lock up, reports TechCrunch. Apple addressed the bug in the iOS 13.3 update, and the details of how it works are now public.
AirDrop is designed to allow users to share files with one another, and depending on settings, it can be restricted to contacts, no one, or any nearby iPhone. Kishan Bagaria discovered the AirDrop bug in iOS 13.2.3, finding that he could lock up nearby iPhones that were able to accept files by flooding them with multiple files in a row.
When receiving an AirDrop file, an iPhone or iPad blocks the display until the incoming request is accepted or rejected. iOS did not limit the number of requests that a device can accept, so with repeated message requests, an attacker was able to send files over and over again to cause the iOS device to get stuck in a loop.
Devices with AirDrop set to "Everyone" were primarily vulnerable to the attack, which is not the default AirDrop setting. AirDrop is limited to Contacts, and the "Everyone" setting must be manually enabled.
As of now, though, the bug no longer works and Apple has limited the number of AirDrop messages that can be sent to an iOS device in quick succession. Given that this wasn't a traditional security vulnerability, Apple will not provide a common vulnerability and CVE score, but has instead acknowledged it in a separate section of the security support document.
Popular Stories
Apple is set to unveil iOS 18 during its WWDC keynote on June 10, so the software update is a little over six weeks away from being announced. Below, we recap rumored features and changes planned for the iPhone with iOS 18. iOS 18 will reportedly be the "biggest" update in the iPhone's history, with new ChatGPT-inspired generative AI features, a more customizable Home Screen, and much more....
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
There are widespread reports of Apple users being locked out of their Apple ID overnight for no apparent reason, requiring a password reset before they can log in again. Users say the sudden inexplicable Apple ID sign-out is occurring across multiple devices. When they attempt to sign in again they are locked out of their account and asked to reset their password in order to regain access. ...
Best Buy is discounting a collection of M3 MacBook Pro computers today, this time focusing on the 14-inch version of the laptop. Every deal in this sale requires you to have a My Best Buy Plus or Total membership, although non-members can still get solid second-best prices on these MacBook Pro models. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a...
Apple used to regularly increase the base memory of its Macs up until 2011, the same year Tim Cook was appointed CEO, charts posted on Mastodon by David Schaub show. Earlier this year, Schaub generated two charts: One showing the base memory capacities of Apple's all-in-one Macs from 1984 onwards, and a second depicting Apple's consumer laptop base RAM from 1999 onwards. Both charts were...
Top Rated Comments
It's amazing the number of people you find who have AirDrop wide open at a place like Disney. :rolleyes:
Airdrop is great technology, I wish more people used it. I hardly hear anyone does especially that it is Apple only.
It’s just that one popover layer that forces you to interact with it.
That’s ok I guess, But if you get sent multiple files, which one gets priority?
I propose a new dialog which appears at the top of the screen like a normal notification. Once interacted with, it would show you all incoming connections, what they are and whether you want to accept or reject each transfer. More complicated but I think if done in the Apple way would be simple and useable.
What do you lads and ladies think?