Apple has released an update for iOS 9 that fixes a critical security flaw allowing intruders to inject malicious files into iPhones, which can later be used to hijack the victim's phone. Security researcher Mark Dowd of Azimuth Security found the issue, which affects almost all devices running iOS 7 or later, along with all Mac OS X Yosemite versions. In his PoC, Dowd forced crafted files onto an iPhone using Apple's AirDrop, even though the user denied the transfer request. AirDrop provides file sharing between iOS and OS X devices over WiFi and/or Bluetooth. It is vulnerable to a directory traversal attack that lets intruders modify the victim's OS settings and install malicious apps, and the rest of the compromise follows from there. All an attacker needs in order to install a malicious app is a legitimate Apple enterprise certificate to validate the app's installation process.
