Google’s Project Zero publishes another vulnerability that affected iPhones' security: a zero-click AirDrop exploit

Google’s Project Zero publishes another vulnerability that affected iPhones' security: a zero-click AirDrop exploit
Google’s Project Zero has been discovering some vulnerabilities in iPhones’ security, and after such vulnerabilities have been patched by Apple in security updates, the team publicly discloses them. This newly announced vulnerability affected AirDrop – a feature that allowed iPhone users to seamlessly transfer files between iPhones.

Don’t worry, this vulnerability has been patched by Apple already, so if you have installed the latest version of iOS (it was patched in iOS 13.5), you are not subject to this risk. However, these types of discoveries show that Apple devices are not immune to hackers as much as people once thought.

Tech Radar reports that in Project Zero’s findings, the vulnerability is explained to be connected with AirDrop and it only necessitates the hacker to be within Wi-Fi distance of your iPhone. This means the vulnerability could have been exploited without you having to click on any links or perform any action for the hacker to gain access to your smartphone. The researchers from Project Zero underline that although it took them six months to crack this vulnerability, some malicious users can have better technology or access and could exploit such vulnerabilities much more easily.


Rest assured that no evidence that this iPhone flaw was exploited has been found. It may just seem worrying that Apple’s devices are also subject to this type of zero-click exploitation. This security flaw was found by researcher Ian Beer from Google’s Project Zero. The researcher explains thoroughly his process of finding and exploiting the vulnerability in Project Zero's official report, so check it out if you’re interested.

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless