Apple Patched AirDos Vulnerability With iOS 13.3 Along With Other Security Fixes (Dec 15, 2019)
Apple released iOS 13.3, fixing numerous security bugs affecting iPhones and iPads, including the “AirDos” vulnerability. AirDos, found in the AirDrop feature, has been especially troublesome: a malicious actor could simply spam a nearby iPhone or iPad with AirDrop share popups, blocking the user interface so that the device owner can no longer use the device. Researcher Kishan Bagaria reported the vulnerability to Apple, providing a video walkthrough to demonstrate the ease of the attack, and a fix was included in this most recent iOS update. Apple also fixed a FaceTime bug and a security-bypass vulnerability affecting the Live Photo feature (CVE-2019-8830 and CVE-2019-8857) in the update.
Recommendation: Users of affected Apple devices should ensure their devices are updated to the latest software version. Additionally, your company should have policies in place to review and apply security updates for software in use to protect against known vulnerabilities that threat actors may exploit.