This bug was discovered in August by Kishan Bagaria. Apple acknowledged the report and said it was working on a fix, and asked Bagaria not to make the bug public until iOS 13.3 was released.
AirDrop can send files to nearby iPhones or iPads, but the receiving device displays a pop-up that interrupts other operations until the incoming request is accepted or rejected.
A single request is easy to deal with, but iOS 13.2.3 places no limit on the number of files that can be sent and received. As a result, an attacker could simply keep sending a file over and over, causing repeated pop-ups that rendered the other device unusable.
https://www.youtube.com/watch?v=B6boxYcAC1k
Mr. Bagaria called this bug "AirDoS", a combination of AirDrop and DoS (denial-of-service) attack, that is, a technique that interferes with a service, for example by intentionally sending a large number of requests.
Devices with the AirDrop receiving setting at "Everyone" were particularly vulnerable to this attack. However, iOS defaults to "Contacts Only", so the actual threat may not have been very great, apart from personal pranks.
In any case, iOS 13.3 limits the number of messages that AirDrop can send in a short time, so the bug can no longer be exploited. According to Mr. Bagaria, if you reject an AirDrop request from the same device three times, iOS will automatically reject subsequent requests.
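A simplified model of the two receiver-side limits described above, added here as an illustration and not Apple's implementation. The three-decline threshold comes from the article; the window length, the per-window budget and all names are assumptions.

```python
from collections import defaultdict, deque

DECLINE_LIMIT = 3     # from the article: three rejections of the same device
WINDOW_SECONDS = 10   # assumption: the article does not give the window length
MAX_PER_WINDOW = 5    # assumption: the article does not give the request budget


class RequestGate:
    """Decides whether an incoming transfer request may raise a blocking prompt."""

    def __init__(self):
        self.declines = defaultdict(int)   # sender id -> times the user declined
        self.recent = defaultdict(deque)   # sender id -> timestamps of shown prompts

    def should_prompt(self, sender, now):
        # Rule 1: a sender declined DECLINE_LIMIT times is rejected automatically.
        if self.declines[sender] >= DECLINE_LIMIT:
            return False
        # Rule 2: sliding-window budget, tracked per sender so that one noisy
        # device cannot use up the budget of a legitimate one.
        window = self.recent[sender]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_PER_WINDOW:
            return False
        window.append(now)
        return True

    def record_decline(self, sender):
        self.declines[sender] += 1


def simulate_flood(gate, sender, requests, interval, decline_each=True):
    """Replay `requests` requests `interval` seconds apart; return prompts shown."""
    shown = 0
    for i in range(requests):
        if gate.should_prompt(sender, now=i * interval):
            shown += 1
            if decline_each:
                gate.record_decline(sender)
    return shown


if __name__ == "__main__":
    # Constructed scenario: 1000 requests, one per second, each one declined.
    print("prompts shown:", simulate_flood(RequestGate(), "device-A", 1000, 1))
```

Without either rule every one of the 1000 requests would raise a prompt, which is the iOS 13.2.3 behaviour the article describes.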
Apple said that this bug was not strictly a security vulnerability, so it was not registered in CVE (Common Vulnerabilities and Exposures, a vulnerability database). However, by thanking Mr. Bagaria in its security update documents, Apple indirectly admits that the bug existed.
The reason it is not mentioned in the official release notes may be to prevent attacks on devices that have not been updated to iOS 13.3.