AWDL flaws open Apple users to tracking, MitM, malware planting

From zdnet.com

Apple AirDrop issues


Apple Wireless Direct Link (AWDL), a protocol installed on over 1.2 billion Apple devices, contains vulnerabilities that enable attackers to track users, crash devices, or intercept files transferred between devices via man-in-the-middle (MitM) attacks.

SOME FLAWS REQUIRE A PROTOCOL/SERVICE REDESIGNS

As for patches against these attacks, the research team said they notified Apple of all the vulnerabilities they found, between August and December 2018.”While Apple was able to issue a fix for a DoS attack vulnerability after our responsible disclosure, the other security and privacy vulnerabilities require the redesign of some of their services,” researchers said.The fix for the AWDL DoS bug (CVE-2019-8612) rolled out in mid-May, with the release of iOS 12.3, tvOS 12.3, watchOS 5.2.1, and macOS 10.14.5.

The rest of the AWDL vulnerabilities will likely remain exploitable for the foreseeable future.

Read more…