In the eighth update to iOS 13 since September, Apple fixed a bug that would let attackers temporarily lock out users of their iPhones and iPads, and also boosted support for authentication.
The bug, found in the AirDrop file-sharing tool, does not place limits on alerts sent by another iPhone user so the screen remains engaged by the notification until a download is accepted or rejected, giving an attacker ample opportunity to keep spamming a device and thereby blocking access.
“In this case, the convenience of the AirDrop feature is highjacked to deny the availability of the entire iPhone,” said Jonathan Knudsen, senior security strategist at Synopsys. “If there is a silver lining for this vulnerability, it's that it requires physical proximity, which at least means you cannot be attacked from anywhere on the internet.”
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.