Apple’s iOS had a bug which let anyone temporarily lock users out of their iPhones and iPads by forcing their devices into an inescapable loop. However, the company has said that it has now fixed this bug.
The bug was in AirDrop, a feature from Apple that enables users of one Apple device to transfer files or data to another. Kishan Bagaria found that the app let him repeatedly send files to all devices able to accept files within wireless range of an attacker.
When a file is received, iOS blocks the display until the file is accepted or rejected. However, since iOS didn’t limit the number of file requests a device can accept, an attacker can simply keep sending files again and again, repeatedly displaying the file accept box, causing the device to get stuck in a loop.
Bagaria calls the bug “AirDoS”, a term based on DoS, or “denial-of-service,” because it effectively denies a user access to their device. Devices that had their AirDrop setting set to receive files from “Everyone” were mostly at risk.
Turning off Bluetooth would effectively prevent the attack. But Bagaria said that the file accept box is so persistent it’s near-impossible to turn off Bluetooth when an attack is under way.
Apple fixed the bug by adding a rate-limit, preventing a barrage of requests over a short period of time. Because the bug wasn’t strictly a security vulnerability, Apple said it would not issue a common vulnerability and exposure (CVE) score, typically associated with security-related issues. However, the company said that it would “publicly acknowledge” his findings in the security advisory.
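The kind of rate limit described above can be modelled in a few lines. This is an added sketch, not Apple's code: the names `PromptRateLimiter` and `simulate`, the threshold of 3 prompts per 60 seconds, and the sample arrival times are all assumptions made for illustration.

```python
from collections import deque


class PromptRateLimiter:
    """Sliding-window cap on how many incoming-file prompts may be displayed.

    Hypothetical model: max_prompts and window_s are assumed values, not Apple's.
    """

    def __init__(self, max_prompts=3, window_s=60.0):
        self.max_prompts = max_prompts
        self.window_s = window_s
        self._shown = deque()  # timestamps of prompts that were displayed

    def allow(self, now):
        # Forget prompts that have aged out of the window.
        while self._shown and now - self._shown[0] >= self.window_s:
            self._shown.popleft()
        if len(self._shown) >= self.max_prompts:
            return False  # dropped: no blocking dialog, the screen stays usable
        self._shown.append(now)
        return True


def simulate(arrivals, limiter=None):
    """Return the arrival times at which a blocking accept/decline box appears.

    With limiter=None every request raises a prompt (the behaviour before the fix).
    """
    return [t for t in arrivals if limiter is None or limiter.allow(t)]


# Constructed sample input: 200 requests, one every 50 ms (the barrage),
# followed by a single ordinary request about two minutes later.
BARRAGE = [i * 0.05 for i in range(200)]
LATER = [130.0]

if __name__ == "__main__":
    unlimited = simulate(BARRAGE + LATER)
    limited = simulate(BARRAGE + LATER, PromptRateLimiter(3, 60.0))
    print(f"prompts shown without a limit: {len(unlimited)}")
    print(f"prompts shown with a limit:    {len(limited)} at t={limited}")
```

Without the limiter the receiving device is asked to show a blocking box for every one of the 201 requests; with it, only the first three of the barrage and the later, unrelated request get through.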