AirDrop, Apple’s method for wirelessly transmitting data quickly, has a serious bug according to one security researcher. Happily, the issue is easily resolved by updating to iOS 9.
The issue is also patched in the forthcoming OS X El Capitan.
The problem relates to security certificates, according to Mark Dowd of Azimuth Security; when a business wants to deploy apps outside of the App Store, they ‘sign’ that software with an enterprise certificate so your device knows it’s on the up-and-up.
Currently, nefarious folks can reportedly trick your device into accepting a fake certificate, even if you never open an AirDropped file.
Once a file has been sent, the sender has access you likely don’t want them to have. Receiving the file to a device provides knowledgeable hackers access down to the root level.
Dowd says the issue is resolved in iOS 9 and OS X El Capitan, so it’ll be natively solved across the board by the end of the month (El Capitan launches September 30). We’d previously heard similar security fixes were in store for AirPlay.
For now, it’s a good idea to restrict AirDrop to contacts only (or turn it off), and update to iOS 9 as soon as possible.