Skip to main content

Apple fixes "AirDoS" vulnerability, which paralyzes nearby iPhones and iPads

Apple fixed a bug that prevented nearby hackers from using the iPad and iPhone.

Apple Corp. on Tuesday fixed a bug in AirDrop, a file exchange feature that made hackers nearby unable to use iPhones and iPads. The vulnerability was found to open the door to a denial-of-service attack where an attacker could use AirDrop shared pop-up notifications to send spam emails to all nearby iPhones and iPads indefinitely.

"This shared pop-up window blocks the user interface, so device owners will not be able to continue doing anything on the device unless it accepts / rejects the pop-up window and the pop-up window will continue to appear. It will also persist, "independent researcher Kishan Bagaria wrote in a post outlining his findings.

Apple fixes were released on Tuesday and include all other fixes for Apple Watch, iOS and macOS Catalina.

Bagaria calls this flaw AirDoS, which is a gameplay of Apple's feature names AirDrop and DoS (denial of service). AirDrop is a feature in iOS and macOS that allows files to be transferred using Wi-Fi or Bluetooth. "When someone uses AirDrop to share content with you, you see an alert with a preview. You can click to accept or decline," Apple described on its support page.

"This error is still subject to AirDrop receiving settings, which means that if your AirDrop setting is set to" Everyone, "anyone can become an attacker, but if you set it to" Contacts only, "only Someone from your contacts can be an attacker, Bagaria wrote.

Bagaria said that in addition to updating to the latest version of iOS 13.3 to resolve the issue, users can also turn off the AirDrop feature in Settings. To stop active attacks, he suggests having Siri turn off Wi-Fi and Bluetooth radios on your iPad or iPhone.

The researcher said that he reported the bug to Apple in August, and the bug was fixed in the latest iOS update (13.3). The proof-of-concept of the attack has been posted to GitHub, and a video about the ongoing attack is available on YouTube.

After researchers found six serious bugs in the mobile operating system, Apple Watch 6.1.0 users were also urged to update their hardware to the latest 6.1.1 version of watchOS software.

If it is not patched in time, Apple warns attackers that it may cause memory corruption issues on the target Apple Watch and exploits vulnerabilities to gain system or kernel privileges.

According to each Common Vulnerability and Disclosure (CVE) description, the attack complexity of the six vulnerabilities is "low"-meaning that the attack will not be difficult to perform.

According to CVE's description of the bug tracked as CVE-2019-8828, "By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges." Like other watchOS errors, this memory corruption vulnerability has a CVSS 3.0 base score of 7.8.

In all watchOS cases, this fix is ​​an upgrade to watchOS 6.1.1.

On Tuesday, Apple also fixed a series of issues with its new versions of iOS and macOS.

The fix includes an item bundled with FaceTime (CVE-2019-8830). According to Apple, the vulnerability could allow malicious videos to be processed through FaceTime, which could lead to arbitrary code execution. The vulnerability was discovered by Natalie Silvanovich of Google Project Zero and is classified as a "out-of-bounds read" vulnerability that can be addressed through improved input validation.

Another bug was fixed in Apple's Live Photos feature (CVE-2019-8857), which affects iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation IOS users. Apple wrote: "Even if live photos are disabled in the share table carousel, live photo audio and video data can be shared via iCloud links."

Are you are looking for iPhone repair service? Then, UkiPhonerepair could be the best choice where you can get quick phone repair service with 12 month warranty on the repair service we offer.

For more details on UK iPhone repair services, visit the website http://ukiphonerepair.co.uk

Comments

Post a Comment

Popular posts from this blog

Is foldable smartphones going to be the future

Samsung is making a giant phone that folds in half and sells for $1,770. The Galaxy F is said to be released in March next year, and the company plans to sell one million of them in 2019. The phone is basically a tablet that can be folded into a mobile phone, which is said to be able to open, as "snap" as the previous flip phone. but why? Cable TV's Brian Barrett traces the history of collapsible smartphone technology in a weekend report, saying: "These scenes are tempting: you can keep your smartphone in single-screen mode on the way to the subway. Check in on Twitter and then expand it. Once you get on the train and read the New York Times, you can see the size of the tablet. This attraction is very obvious and people wonder why it took so long." Is that kind of scene really tempting? Is the attraction obvious enough? Maybe I missed something here, but it seems that at best it is just a possible thing, I won't scream. If I see a mobile phone folded in...
Post a Comment
Read more

A few tips to choose the best mobile phone

If you were looking for the best mobile phone in the market, one of the first criteria you should consider is that the device should support 4G connectivity. There are dozens of other features and factors, but this single feature can benefit you in so many different ways. This guide becomes the main reasons for choosing a 4G device and the key features to watch when the perfect device is chosen for yourself or to be donated to someone. Why to choose a 4G device There are many advantages of using a device that supports the 4G network. This includes: • Access to highspeed data - Whether for official or personal purpose, you can access highspeed data on your smartphone. You can play games, stream videos, play online music and do much more in a moment. Office work and other professional tasks are also a breeze. • Estimated voice calls - Another advantage of choosing a 4g phone is that you can make voice-free calls. The previous devices supporting 2G and 3G may not match the voice qua...
Post a Comment
Read more

Why we should be a part of mobile app revolution

If you have a business, you must be aware of the fact that mobile apps are making a huge difference in how people work, shop or connect. Applications are becoming a bridge between customers, employees and products or services. The rise of smartphones has created a thriving market for mobile applications, which actually helps companies increase productivity by effectively mobilizing resources and enhancing the user experience. While this process is gradual and iterative, mobility has brought about dramatic changes in how companies operate. Providing mobile apps for your business will provide your customers with easy access. It helps them to contact you at any time of the day, even on the go. The simple front end of an enterprise application is often attractive and intuitive, so people can enjoy it while enjoying a variety of services. Not only shopping, people can play, watch movies, listen to music, do all kinds of other work without much trouble. Mobile apps bring a sense of freshn...
Post a Comment
Read more