AirDrop, the file sharing service built into iOS and OS X, has been exposed to an attack that can take control of an iPhone — just by installing an app.
Mark Dowd, a security researcher, has revealed the exploit, which involves rebooting the phone after receiving an AirDrop file, according to Forbes.
According to Dowd, the only way to prevent this attack is by updating to iOS 9 and OS X 10.11 El Capitan, which come out September 16 and 30 respectively.
The AirDrop file is a piece of malware disguised as an app which, when the phone is rebooted, can then gain access to Springboard, Apple’s tool that manages the iOS homescreen, allowing it to fool the phone into believing it has the same rights as a normal app. These rights include access to contacts, the camera, location and more.
While each app is “sandboxed” — meaning that apps are in their own “container,” limiting access to other aspects of the phone — Dowd argues that a more illustrious hacker could break into other areas of the operating system, causing untold damage to the phone.
Apple has responded to the flaw, putting AirDrop in its own sandbox but users will need to download iOS 9 to receive this security upgrade.
Business Insider has reached out to Apple to ask about the flaw and will update the article when we hear back.
Business Insider Emails & Alerts
Site highlights each day to your inbox.