SkipToMainContent

Emerging Threats

Bug in Apple’s iOS and OSX AirDrop could allow malware to be installed silently


Written by a NortonLifeLock employee

 

A vulnerability in Apple’s AirDrop feature has been discovered by Australian security researcher Mark Dowd.  AirDrop is an “over-the-air” file sharing service that uses Bluetooth and WiFi, and is built into iOS and Mac OS X products. AirDrop automatically detects supported devices, and the devices need to be close enough to establish a good Wi-Fi connection in order to exchange files. The bug could allow someone within the range of an AirDrop user to silently install a malicious app on a target Apple device by sending the file via AirDrop.

The vulnerability affects iOS versions supporting AirDrop from iOS 7 up, as well as Mac OS X versions from Yosemite up.

Protection Is An Easy Fix

  • Be vigilant about installing patches from Apple. Upgrade your devices to iOS 9 and OS X 10.11 El Capitan as soon as they become available.
  • Turn off Bluetooth and WiFi unless you are actively using it, if possible.  
  • Limit AirDrop sharing to ‘Contacts Only’.
  • If you don’t use AirDrop at all, you can disable it by swiping up from the bottom of the iOS screen. Tap on AirDrop, and tap on “Off.”

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.