Apple Fixes ‘AirDos’ Bug! Update now!
Posted by Michael on 07/01/2020
Airdrop, Apple’s file-dropping/file-swapping feature was found with a vulnerability which basically rendered the victims iPad & iPhones unusable. This vulnerability is known as a Denial of Service attack depends on the Airdrop alert setting which can either be used by everyone, contacts or disabled. Having it set to everyone will allow anyone to attack you, and if it’s set to contacts only your contacts can attack you.
An attacker can repeatedly send files which bring up the Apple Airdrop prompt to accept or decline the file which in turn forces the victim in the state of accepting or declining the Airdrop rendering their phone or tablet unusable. IOS update 13.3 should fix the issue from happening.
Apple released a fix for this vulnerability in the latest IOS update which also included a few other vulnerability fixes. These vulnerabilities included six high-severity flaws in the Apple Watch alone which unpatched may cause ‘memory corruption’ issues and exploit vulnerabilities resulting in system privileges or Kernel privileges. WatchOS upgrade 6.1.1 should patch the issue.
Apples ‘FaceTime’ was also hit with a vulnerability which if done correctly FaceTime would process a malicious video for the purpose of executing arbitrary code execution (CVE-2019-8830). This bug is classified as an ‘out-of-bounds read’ flaw.