Airdrop Flaw Exposes Apple Users to Cyber Attacks

A vulnerability within Apple Wireless Direct Link (AWDL) has been identified that could allow threat actors to perform various attacks including tracking users, injecting malware, and intercepting or modifying transmitted files through a man-in-the-middle (MiTM) attack. AWDL, or Airdrop, is a combination of wireless local area network (WLAN) and Bluetooth Low Energy (BLE) used to enable device-to-device communications. The flaw lies within the BLE discovery mechanism. AWDL is deployed in over one billion Apple operating systems and devices. The NJCCIC recommends that users of affected devices consider disabling Bluetooth to mitigate the risks of this Airdrop flaw. Further information regarding the AWDL vulnerability can be found in the ARS Technica articleand the Help Net Security article.