iOS 9 partially fixes critical, easily exploitable AirDrop bug

Apple has released iOS 9. Along with many new and improved security and privacy features, fixes for a bucketload of security vulnerabilities have been included in this latest version of the company’s mobile OS.

Among these is one in particular that should scare users and push them to upgrade as soon as possible: a vulnerability that can be exploited by attackers to install malicious apps on a target’s iPhone or Mac via the AirDrop filesharing feature, without the need to obtain the target’s permission (i.e. accept the AirDrop request).

This is possible because Apple permits apps signed with Apple enterprise certificates – usually granted to companies so that they can seamlessly “sideload” software onto their employees’ devices – to be installed from sources other than the App Store. Unfortunately, these certificates can be, and occasionally are, stolen and misused by malware peddlers.

The bug was discovered last month by security researcher Mark Dowd, founder and director of Azimuth Security, who notified Apple about it immediately.

Here is a video demonstration of how the bug can be exploited:


To execute the compromise, the attacker simply needs to be within Bluetooth range of a target who has AirDrop (and thus Bluetooth) enabled. An attacker with temporary physical access to the target’s iPhone can easily turn on AirDrop via the lock screen.

The new iOS version plugged the hole temporarily by implementing a sandbox around AirDrop, so that attackers can’t write files to arbitrary locations on the phone via that service.

A more permanent fix is coming, and until then Dowd will refrain from revealing more information about the vulnerability.

iPhone users are advised to update to iOS 9 as soon as possible, and OS X users can upgrade to version 10.11 when it’s released later this month. Turning off AirDrop until then is a temporary and imperfect mitigation, but it should be done.