Some days ago, Mark Dowd, a security researcher, discovered a critical flaw in iOS 9 that allows an attacker within Bluetooth range of an iPhone to install malicious apps using the AirDrop file-sharing feature.
A report published in Ars Technica confirms that the researcher then privately reported the flaw to Apple.
Apple then released a press statement on Wednesday stating that the vulnerability has been mitigated in iOS 9.
However, the researcher continued his research and revealed that the bug still hasn’t been fixed.
The mitigations available in Wednesday’s release of iOS 9 are one more benefit that security-conscious iPhone users should consider when deciding whether to install the update.
The researcher exploited a directory traversal flaw that allows attackers to write and overwrite files of their choice to just about any file location they want.
The researcher used an enterprise certificate that Apple makes available to developers so large organizations can install custom apps on large fleets of iPhones.
During his research, installs made with his technique did not generate a dialog that warns the end user that the app is signed by a third party and asks for approval to proceed.
“Another method for bypassing iOS code-signing restrictions would be to combine my AirDrop hack with a jailbreak exploit, such as the TaiG jailbreak that Apple recently patched with version 8.4 of iOS,” he said.
He posted a video to show how the bug allows attackers who briefly have physical access to a vulnerable iPhone, or who are within Bluetooth range of it, to install an app that the device will trust without prompting the user with a warning dialog.