AirDrop flaw puts iOS and Mac users at risk
Researcher Mark Dowd has revealed a vulnerability in AirDrop that allows an attacker within a range of 50 meters to install malware on an Apple device. The vulnerability affects all devices running iOS 7 or higher. Apple claimed to have fixed it in iOS 9, which is now available to download, but the researcher confirmed that the vulnerability still exists. Apple will fix the flaw on the Mac in the OS X 10.11 El Capitan update, due on September 30.
According to the researcher, if AirDrop on a vulnerable device is set to accept files from anyone, a nearby attacker can install an app on the device without any warning dialog being shown to the device owner. He also published a proof-of-concept in a video, which you can watch below. He demonstrated how he could steal important data such as GPS coordinates, messages and contacts, or control the device’s camera.
I recommend that all Apple device owners set AirDrop to Off or Contacts Only. Remove it from Control Center, and do not leave your phone with anyone you do not trust. Keep Bluetooth and Wi-Fi off when not in use. Users should also update their devices to the new platform as soon as the update is available.