123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Business >> View Article

Apple Fixes "airdos" Vulnerability, Which Paralyzes Nearby Iphones And Ipads

Profile Picture
By Author: Handset Recycle
Total Articles: 271
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Apple fixed a bug that prevented nearby hackers from using the iPad and iPhone.

Apple Corp. on Tuesday fixed a bug in AirDrop, a file exchange feature that made hackers nearby unable to use iPhones and iPads. The vulnerability was found to open the door to a denial-of-service attack where an attacker could use AirDrop shared pop-up notifications to send spam emails to all nearby iPhones and iPads indefinitely.

"This shared pop-up window blocks the user interface, so device owners will not be able to continue doing anything on the device unless it accepts / rejects the pop-up window and the pop-up window will continue to appear. It will also persist, "independent researcher Kishan Bagaria wrote in a post outlining his findings.

Apple fixes were released on Tuesday and include all other fixes for Apple Watch, iOS and macOS Catalina.

Bagaria calls this flaw AirDoS, which is a gameplay of Apple's feature names AirDrop and DoS (denial of service). AirDrop is a feature in iOS and macOS that allows files to be transferred using Wi-Fi or Bluetooth. "When someone uses AirDrop to share content with you, you ...
... see an alert with a preview. You can click to accept or decline," Apple described on its support page.

"This error is still subject to AirDrop receiving settings, which means that if your AirDrop setting is set to" Everyone, "anyone can become an attacker, but if you set it to" Contacts only, "only Someone from your contacts can be an attacker, Bagaria wrote.

Bagaria said that in addition to updating to the latest version of iOS 13.3 to resolve the issue, users can also turn off the AirDrop feature in Settings. To stop active attacks, he suggests having Siri turn off Wi-Fi and Bluetooth radios on your iPad or iPhone.

The researcher said that he reported the bug to Apple in August, and the bug was fixed in the latest iOS update (13.3). The proof-of-concept of the attack has been posted to GitHub, and a video about the ongoing attack is available on YouTube.

After researchers found six serious bugs in the mobile operating system, Apple Watch 6.1.0 users were also urged to update their hardware to the latest 6.1.1 version of watchOS software.

If it is not patched in time, Apple warns attackers that it may cause memory corruption issues on the target Apple Watch and exploits vulnerabilities to gain system or kernel privileges.

According to each Common Vulnerability and Disclosure (CVE) description, the attack complexity of the six vulnerabilities is "low"-meaning that the attack will not be difficult to perform.

According to CVE's description of the bug tracked as CVE-2019-8828, "By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges." Like other watchOS errors, this memory corruption vulnerability has a CVSS 3.0 base score of 7.8.

In all watchOS cases, this fix is ​​an upgrade to watchOS 6.1.1.

On Tuesday, Apple also fixed a series of issues with its new versions of iOS and macOS.

The fix includes an item bundled with FaceTime (CVE-2019-8830). According to Apple, the vulnerability could allow malicious videos to be processed through FaceTime, which could lead to arbitrary code execution. The vulnerability was discovered by Natalie Silvanovich of Google Project Zero and is classified as a "out-of-bounds read" vulnerability that can be addressed through improved input validation.

Another bug was fixed in Apple's Live Photos feature (CVE-2019-8857), which affects iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation IOS users. Apple wrote: "Even if live photos are disabled in the share table carousel, live photo audio and video data can be shared via iCloud links."

Are you are looking for iPhone repair service? Then, UkiPhonerepair could be the best choice where you can get quick phone repair service with 12 month warranty on the repair service we offer.

For more details on UK iPhone repair services, visit the website http://ukiphonerepair.co.uk

Total Views: 351Word Count: 646See All articles From Author

Add Comment

Business Articles

1. Transform Your Outdoor Space With Landscape Man Professional Services Uk
Author: Vikram kumar

2. The Ultimate Guide To Best Investment Real Estate In Konkan
Author: codename oxygen

3. Lucintel Forecasts The Global Induction Flushing System Market To Grow With A Cagr Of 3.6% From 2024 To 2030
Author: Lucintel LLC

4. Why Your Business Needs A Dynamics 365 Customer Portal
Author: crmjetty

5. Lucintel Forecasts The Global Indium Trioxide Market To Grow With A Cagr Of 3.8% From 2024 To 2030
Author: Lucintel LLC

6. Mg Hector Gloster Price In Chennai: A Comprehensive Overview
Author: balaji

7. Chennai Mg Hector On Road Price: An Extensive Overview
Author: balaji

8. Maximizing Financial Success With Investment Banking, Wealth Management, And Credit Solutions
Author: Drishti Desai

9. Airline Inventory System
Author: Yugababu

10. Lucintel Forecasts The Global Exterior Insulation And Finish System Siding Market To Grow With A Cagr Of 9.9% From 2024 To 2030
Author: Lucintel LLC

11. Looking For Erp With Crm? Ultimate Solution For Sales And Customer Support
Author: Emmanuel Mathew

12. Lucintel Forecasts The Global Ergonomic Office Chair Market To Grow With A Cagr Of 4.9% From 2024 To 2030
Author: Lucintel LLC

13. Lucintel Forecasts The Global Embedded Host Bridge Market To Grow With A Cagr Of 5.3% From 2024 To 2030
Author: Lucintel LLC

14. Lucintel Forecasts The Global Digital Paraffin Warmer Market To Grow With A Cagr Of 3.4% From 2024 To 2030
Author: Lucintel LLC

15. Common Lead Gen Pitfalls And How To Overcome Them
Author: tim seifert

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: