This ‘Magical Bug’ Exposed Any iPhone in a Hacker's Wi-Fi Range - WIRED

To revist this article, visit My Profile, then View saved stories.

To revist this article, visit My Profile, then View saved stories.

To revist this article, visit My Profile, then View saved stories.

To revist this article, visit My Profile, then View saved stories.

"Close access network attacks like this aren’t something you hear about every day.".

The vulnerability, which Apple patched back in May, involved a flaw in one of the kernel drivers for Apple Wireless Direct Link, the proprietary mesh networking protocol Apple uses to offer slick over-the-air features like AirDrop and Sidecar.

In his write-up of the attack, Beer says there is no indication that the vulnerabilities he found were ever exploited in the wild, but he did note that at least one exploit broker seemed to have been aware of the flaw before Apple released the patch in May.

"Close access network attacks like this aren’t something you hear about every day.".

"Having such a large and privileged attack surface reachable by anyone means the security of that code is paramount, and unfortunately the quality of the AWDL code was at times fairly poor and seemingly untested," Beer wrote.

But he adds that there is a particular security tradeoff when it comes to protocols like AWDL that are accessible virtually all the time.

One that hopefully doesn't portend other issues in Apple's closely-held AWDL code.