Apple is taking longer than expected to fix one of the biggest iOS flaws in recent months. However, the American giant is usually known for its responsiveness, so what explains such a delay?
Despite multiple updates to iOS 17 since the initial report in September, Apple has still not fixed a critical security flaw exploited by the Flipper Zero device that is causing iPhones and iPads to crash. The attack, which uses a faulty Bluetooth pairing sequence, remains unsolved, which raises concerns about Apple’s effectiveness in correcting these types of problems.
As a reminder, hackers had hijacked the Flipper Zero, a portable device for network frequency testers. The latter had been transformed into a tool capable of carrying out denial of service (DoS) attacks. By exploiting a flaw in the Bluetooth Low-Energy (BLE) pairing sequence, Flipper Zero floods iPhones and iPads with fake Bluetooth connection pop-ups, causing devices to crash and eventually reboot.
Also read – Why the flaw that crashes iPhones is nothing to worry about Android users
Apple takes time to correct the problem on its iPhones
The vulnerability lies in the BLE technology used by Apple in various ecosystem functions such as AirDrop, HandOff, iBeacon, HomeKit, and Apple Watch features. Specifically, the attack capitalizes on the ability to spoof advertising packets (ADV packets), which are used to identify local devices. This flaw allows hackers to overwhelm Apple devices with fake notifications, exploiting the seamless pairing experience that BLE provides for operations such as connecting AirPods.
The Flipper Zero attack, with a Bluetooth radio range of approximately 50 meters, requires the attacker to be nearby. However, it is the lack of a defense mechanism that poses a problem. Currently, the only recommended precaution is to deactivate Bluetooth in the device settingsa solution that significantly limits functionality and is temporary as Apple restores Bluetooth functionality after system updates.
Despite various reports from users who have indicated that they have been victims of this flaw, Apple is slow to resolve the problem. Although technical challenges may contribute, some believe thatApple may not consider the flaw a big enough threat to prioritize a quick resolution, as this does not, for example, compromise your user data.