iOS 9 is only a few minutes away from us which means making the decision of upgrading to it right away or waiting for some early reviews. If its extensive list of features wasn't enough to make you upgrade to iOS 9, there is now a more critical and important reason to update to iOS 9 as soon as it's landed on your iOS devices. If you want to avoid having your iOS device being wirelessly hijacked by an attacker within the Bluetooth range, make sure you don't wait long to upgrade to iOS 9.
Mark Dowd, security researcher and consultant heading Azimuth Security, tweeted earlier today disclosing a nasty vulnerability in AirDrop, Apple's over-the-air file sharing service.
AirDrop bug can be used to target people wirelessly in close proximity. Also useful for lock-screen bypass
— mdowd (@mdowd) September 16, 2015
This vulnerability could be exploited to take complete control of your devices, however, much to our peace of mind, iOS 9 is already carrying the patch for this exploit. Dowd had warned Apple about this bug over a month ago, disclosing it publicly today. He has explained that the attacker sends a file using AirDrop; once the device reboots, this malicious app gains access to Springboard, which means it can get itself the same rights as a normal, trusted app. This attack while being used to install malicious apps could also be used as a way to bypass lockscreen.
Dowd has demonstrated the exploit in a video, while hiding the full details as requested by Apple. Here is how this vulnerability allows someone in the Bluetooth range to install malicious apps on iPhones and Mac using the AirDrop file sharing feature.
Anyone in the range of the target device could install malware even if the victim didn't accept the offered files. Dowd explained, “it doesn’t matter if they reject it or accept it, the vulnerability is already triggered by the time they can react to it.”
Devices on iOS 7 onwards and OS X Yosemite are vulnerable to this exploit. The only way for iOS devices to stay safe is to upgrade to iOS 9 as soon as it's made available later today. MacBook owners, however, get the choice to simply disable Airdrop and their computer's Bluetooth feature to avoid the attackers from installing malware. This simple trick reportedly doesn't work on iOS devices. Even for the Macs, it is strongly advised to update to OS X 10.11 El Capitan as it carries the patch for the bug.
