On 16th of September 2015, Apple launched their new iOS 9 worldwide. And a major vulnerability in a library of iOS also came along as well. According to experts this vulnerability allows hackers to overwrite the arbitrary files of targeted device. When targeted Apple devices interact or paired with other applications or devices, a used and logged app sends a warning message to users. This vulnerability is present in library of iOS and OS X devices.
How hackers exploit the devices
There are some flaws in AirDrop feature of IOS and OS X devices. By using this flaw, anyone can exploit the Apple devices if he / she is in the range of an AirDrop user. Hackers or cyber crooks can send an AirDrop file that includes malicious codes. After installation this malicious code reboots the target device. This malicious file can install in the system even if user doesn’t accept the request of incoming file.
After rebooting the device, this malicious app or file gains access of springboard of the system. Software ManagerApp of Apple devices allows this app to fool the user so that he / she could not recognize the malicious app.
Effect of AirDrop vulnerability
This malicious app could access the following functionality of Apple iOS-
• Location etc.
When any app is sent through AirDrop it will ask for your permission to install in your device, but with this malicious app it is not the same. It gets installed in the system without user’s consent and whether you accept the incoming file request or not, this file will get installed in your system and send a notification message about the file being downloaded in your system.
It allows attackers to perform the directory traversal attack and to write files in any of the file system and track /change the various installed applications of the system.
Till date Apple does not provide any patch for this vulnerability, but users could avoid or restrict the file sharing option through AirDrop.
By using this hacking trick just after launch of iOS 9 shows that hackers can always grab the opportunity to take all the attention. Now Apple users and security experts are more worried about this bug infection rather than getting excited for new iOS launch. Apple should soon patch the bug else it will vanish the craze of iOS9.
AVG Technical Support (USA)
Toll Free +1-800-243-0051