Attackers can gain full control over AirDrop-enabled devices

Sep 16, 2015 20:33 GMT

Today's release of iOS 9 has fixed a security vulnerability in the operating system that allows attackers to push malicious files to iPhones and then use those files to hijack the user's phone.

The bug was discovered by security researcher Mark Dowd from Azimuth Security and affects all devices running iOS 7 or later, along with all Mac OS X versions from Yosemite onwards.

According to his investigation and a proof-of-concept video, Mr. Dowd was able to use Apple's AirDrop to force maliciously crafted files onto an iPhone, even if the user refused the transfer.

For Android and Windows users reading this article, AirDrop is an Apple technology that allows easy file-sharing between iOS and OS X devices using WiFi and/or Bluetooth.

The attacker needs to be in close proximity to his target

Any attacker in close proximity to an AirDrop-enabled Apple device (10 meters/32 feet) can carry out a "directory traversal attack" and make changes to the user's device, modifying OS settings and even installing malicious apps.

The only requirement for an attacker who wants to install or replace an app on the user's device is a valid Apple enterprise certificate to validate the app's installation process.

Enterprise certificates are usually used with sideloaded apps and are distributed by Apple to businesses that want their users to install custom iOS apps not distributed through the official App Store. Such certificates can easily be purchased on the Dark Web.

For now, Apple has partially fixed the AirDrop issue with the release of iOS 9, and the researcher has promised to provide a technical write-up of the entire vulnerability after Apple completely fixes its issues. Dowd will also be presenting his research on this topic at the Ruxcon 2015 security conference in Melbourne, Australia.