Tomcat
This week, Apple engineers patched a vulnerability that made the iPhone and iPad almost unusable, as gadgets constantly displayed a pop-up message.
The denial of service (DoS) problem was discovered by researcher Kishan Bagaria, who named the attack method AirDoS, as it is directly related to the use of the AirDrop function. Let me remind you that AirDrop allows iPhone, iPad, Mac and iPod users to share photos, documents and other types of files with nearby devices via Bluetooth or Wi-Fi.
Bagaria discovered that an attacker could use AirDrop to endlessly spam all nearby Apple devices. The dialog box will appear on the screen no matter how many times the user taps the Accept or Decline buttons. The attack will continue even after the user locks and unlocks the device. A PoC video showing the problem in action can be seen below.
The AirDoS attack worked against any device on which users set up AirDrop to accept files from everyone. If files could only be received from people on the contact list, the attacker had to be on the victim's contact list for the attack to work.
The researcher writes that AirDoS also worked against macOS devices, although the impact was less severe since the AirDrop dialog box does not block the user interface and the victim can easily turn off Wi-Fi or Bluetooth. Also, the attack could be stopped simply by leaving the area of effect of the attacking device. On iOS and iPadOS, users could stop the attack by turning off Bluetooth and Wi-Fi via Siri or Control Center.
Apple did not assign a CVE identifier to the vulnerability, but fixed the issue in iOS 13.3, iPadOS 13.3, and macOS 10.15.2. The company has implemented a special limitation mechanism, so if a user rejects three AirDrop requests in a row, the OS will automatically reject all subsequent requests from this device.
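The limiting mechanism described in the post's last paragraph, modelled as an added example (not Apple's code and not part of the original post). The sender identifiers, the rule that an accept resets the streak, and the block lasting for the life of the limiter are assumptions; the post states only the three-declines-in-a-row threshold.

```python
from collections import defaultdict

DECLINE_LIMIT = 3  # from the post: three rejected requests in a row


class DeclineLimiter:
    """After `limit` consecutive declines from one sender, further
    requests from that sender are rejected without prompting the user."""

    def __init__(self, limit=DECLINE_LIMIT):
        self.limit = limit
        self.streak = defaultdict(int)  # sender id -> consecutive declines
        self.blocked = set()            # senders that are auto-rejected

    def should_prompt(self, sender):
        return sender not in self.blocked

    def record(self, sender, accepted):
        if accepted:
            self.streak[sender] = 0     # assumption: an accept breaks the streak
            return
        self.streak[sender] += 1
        if self.streak[sender] >= self.limit:
            self.blocked.add(sender)


def simulate(requests, limiter=None):
    """requests: iterable of (sender_id, user_accepts).
    Returns how many dialogs the user actually saw, per sender."""
    if limiter is None:
        limiter = DeclineLimiter()
    shown = defaultdict(int)
    for sender, accepts in requests:
        if not limiter.should_prompt(sender):
            continue                    # rejected silently, no dialog
        shown[sender] += 1
        limiter.record(sender, accepts)
    return dict(shown)


# Constructed sample traffic (sender ids are hypothetical placeholders).
FLOOD = [("device-A", False)] * 50      # one sender, user declines every time
MIXED = [("device-B", False), ("device-B", False), ("device-B", True),
         ("device-B", False), ("device-C", False)]

if __name__ == "__main__":
    print(simulate(FLOOD))              # dialogs shown for the flooding sender
    print(simulate(FLOOD + MIXED))      # other senders are unaffected
```

With the limiter in place, the flooding sender produces a bounded number of dialogs while requests from other senders are still shown.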