AirDrop vulnerability would allow hackers to hijack a device using Bluetooth
iPhone owners are being urged to update their devices to the latest version of the iOS operating system in order to protect themselves from a dangerous vulnerability regarding Bluetooth connectivity.
iOS 9, which went live to Apple device users earlier this week, reportedly fixes a flaw which can allow hackers to hijack an iPhone via the device’s Bluetooth network.
That’s according to Australian security researcher and consultant Mark Dowd from Azimuth Security, who noted that the update includes a patch for a vulnerability that he warned Apple about over a month ago.
The flaw, which affects devices running iOS 7 onwards, can let hackers install malicious apps on iPhones and Macs via the Bluetooth-enabled AirDrop file-sharing feature. Anyone in range of a target device that has AirDrop turned on could take advantage of this to install malware on the phone or PC, even if the victim didn’t tap “accept” for the offered file.
“It doesn’t matter if they reject it or accept it, the vulnerability is already triggered by the time they can react to it,” Dowd told Forbes.
Dowd also revealed a further vulnerability that takes advantage of a flaw in Apple’s mobile operating system. Thanks to rules that allow companies to install their own custom apps, it lets them install an unapproved application on an iPhone that hasn’t been jailbroken.
The flaw can even allow the app’s developers to disable the pop-up prompt that asks you if you want to trust the program’s author, and after gaining access, the attacker would then wait until your phone next rebooted before potentially installing malware.
“Vulnerabilities like this one should remind users of the importance of keeping your systems current with security updates,” said Tim Erlin, director of security and product management at Tripwire.
“Unfortunately, those who would most benefit from hearing this advice are also the hardest to reach. There’s no doubt that this vulnerability will persist and be exploited on devices that aren’t updated.”
iOS 9 is available now as a free download for the iPhone 4S or later, the iPad 2 or later and the iPad mini or later. It will also come pre-loaded on the iPhone 6S and 6S Plus announced last week.
iOS 9 improves standard applications and Siri, adds new enterprise features and provides enhanced multitasking support for newer iPads.