In the eighth update to iOS 13 since September, Apple fixed a bug that would let attackers temporarily lock out users of their iPhones and iPads, and also boosted support for authentication.
The bug, found in the AirDrop file-sharing tool, does not place limits on alerts sent by another iPhone user so the screen remains engaged by the notification until a download is accepted or rejected, giving an attacker ample opportunity to keep spamming a device and thereby blocking access.
“In this case, the convenience of the AirDrop feature is highjacked to deny the availability of the entire iPhone,” said Jonathan Knudsen, senior security strategist at Synopsys. “If there is a silver lining for this vulnerability, it's that it requires physical proximity, which at least means you cannot be attacked from anywhere on the internet.”
The denial-of-service bug, dubbed AirDoS, “lets an attacker infinitely spam all nearby iOS devices with the AirDrop share popup,” the security researcher who discovered it, Kishan Bagaria, said in a blog post, noting he reported the find to Apple in August but didn’t go public to give the company a chance to issue a fix.
“This share popup blocks the UI so the device owner won't be able to do anything on the device except Accept/Decline the popup, which will keep reappearing. It will persist even after locking/unlocking the device,” he explained. Bagaria posted a proof of concept after Apple released the update.
iOS 13.3 fixes the glitch and also leverages the WebAuthn standard to provide native support for security keys in compliance with FIDO. But having so many updates to iOS 13 in a such a short period of time stokes concerns that this latest update might prove buggy as well.
“Given the complexity of iOS and the app ecosystem, it's inevitable that vulnerabilities such as this will continue to be found and fixed,” said Knudsen. “For manufacturers such as Apple, finding and fixing as many vulnerabilities as possible before release is ideal. Some vulnerabilities will always remain undetected, however, so it is important to respond promptly.”