Recently, researchers from Google’s Project Zero team have released a detailed explanation for a wormable iOS exploit that leverages the Apple Wireless Direct Link (AWDL) along with BSS Steering to remotely takeover nearby iOS devices. AWDL is used by some of the common Apple local network communication functionality, including Air Drop. AWDL essentially sets up a distributed wireless mesh network for iOS devices, which allow for easy sharing. While AWDL can be disabled, the attack detailed in the Project Zero writeup will also remotely enable AWDL before running the exploit. This vulnerability was patched in May of 2020, and was instantly noticed by some exploit-focused companies, indicating that this vulnerability might not have been as unknown as previously thought.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.