Today, Apple released iOS 13.3, which included fixes for a slew of vulnerabilities including an AirDrop bug that could temporarily lock nearby iPhones.
Kishan Bagaria discovered the AirDrop bug, which he calls AirDoS.
When asked to describe the bug, Kishan said he was able to use an open-source tool to repeatedly send files to nearby devices. When a file is received, iOS blocks the display until the file is accepted or rejected.
However, denying the request is pointless because an attacker can keep sending the files over and over, repeatedly displaying the file accept box and causing the device to get stuck in a loop.
iPhone users who have their AirDrop setting set to “Everyone” were most at risk.
Prior to the release of iOS 13.3, Kishan said, the only solution to this attack was to get out of wireless range of the attacker. Once the user was out of range, they could turn off Bluetooth.
TechCrunch reports that “Apple fixed the bug by adding a rate-limit that prevents a barrage of requests over a short period of time.” This means that iOS will automatically decline requests from a device that has been denied three times.
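The rate limit described above, modelled from the receiving side as an added example; it is not Apple's code, which the article does not show. The three-denial threshold comes from the article, while the 60-second window, the sender identifier and all class and function names are assumptions.

```python
from collections import defaultdict, deque

DENY_LIMIT = 3         # from the article: auto-decline after three denials
WINDOW_SECONDS = 60.0  # assumption: the article only says "a short period of time"


class PromptGate:
    """Decides whether an incoming transfer request may raise a blocking prompt."""

    def __init__(self, deny_limit=DENY_LIMIT, window=WINDOW_SECONDS):
        self.deny_limit = deny_limit
        self.window = window
        self._denials = defaultdict(deque)  # sender id -> times the user denied it

    def _recent_denials(self, sender, now):
        # Forget denials older than the window so an honest sender recovers.
        q = self._denials[sender]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def on_request(self, sender, now):
        """Return 'prompt' to show the accept box, or 'auto-decline' to drop silently."""
        if len(self._recent_denials(sender, now)) >= self.deny_limit:
            return "auto-decline"
        return "prompt"

    def on_user_denied(self, sender, now):
        self._denials[sender].append(now)


def simulate(events, gate=None):
    """Replay (time, sender) requests, with the user denying every prompt shown."""
    gate = gate or PromptGate()
    decisions = []
    for now, sender in events:
        decision = gate.on_request(sender, now)
        if decision == "prompt":
            gate.on_user_denied(sender, now)
        decisions.append(decision)
    return decisions


# Constructed sample: one sender repeating a request every half second.
FLOOD = [(i * 0.5, "device-A") for i in range(10)]

if __name__ == "__main__":
    print(simulate(FLOOD))
```

Without the gate, each of the ten requests would raise a prompt that blocks the display; with it, the user sees three prompts and the remaining requests are dropped without interrupting them.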