Number: IRCNE2015092630
Date: 2015/09/18
According to “zdnet”, a researcher has revealed how a vulnerability within the AirDrop service can be exploited to compromise a victim's Apple device.
As the latest version of Apple's mobile operating system, iOS 9, becomes available, a serious security flaw present in previous versions makes updating crucial.
Australian security researcher Mark Dowd from Azimuth Security has demonstrated the existence of a serious issue impacting the AirDrop service which could leave users vulnerable to attack.
Speaking to Forbes, Dowd said the attack can take place when a hacker is in range of an AirDrop user. Once exploited, an attacker is able to issue a malware payload via a directory traversal attack.
The AirDrop service is proprietary software which enables the transfer of content including images, videos and GPS data with others nearby who also have an Apple device. While turned off by default, the platform can be enabled from the home screen.
The security problem has been fixed in iOS 9 and in Mac OS X El Capitan 10.11. Users should update their devices as soon as possible, and make sure the service is off until updates have been installed.
- 8