Apple iOS Trustjacking Vulnerability
A new vulnerability has been discovered with iOS devices which lets you exploit the “WiFi Sync” feature allowing a malicious user unauthorised access to a device wirelessly.
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk
Summary
A new vulnerability has been discovered with iOS devices which lets you exploit the “WiFi Sync” feature allowing a malicious user unauthorised access to a device wirelessly.
Affected platforms
The following platforms are known to be affected:
Threat details
WiFi Sync Is a feature on iOS that lets you manage your devices from your computer without connecting them. If this feature is enabled and you connect to a new device, it may ask you whether you trust the device. If this is allowed it can give unauthorised access to the device even when the device is disconnected from the computer or charger it was connected to.
This can let malicious users remotely view the device screen, install malicious apps and steal things like Photos, Message history and App data.
Remediation steps
Last edited: 19 January 2022 1:58 pm