Alleged Bluetooth exploit can remotely wipe nearby iPhones

A security researcher / hacker is claiming to have found a significant remote code execution exploit on iPhone and iPad devices running software up to iOS 15. Supposedly, a malicious actor could use the exploit to remotely wipe a nearby iPhone, without the owner of the device doing anything.

The exploit is hands-off from the perspective of the user, such that they even suggest that riding a bike through a city surreptitiously wiping iPhones is a legitimate possibility. Based on the screenshot of the email with Apple security, the issue has been addressed in iOS 15.1.

iOS devices running iOS 15.0.2 and earlier are supposedly vulnerable. iOS 15.1 closes the hole but is currently only available for developers and public beta testers.

The remote code exploit may also have other implications other than a device wipe, depending on how the attack vector in the iOS Bluetooth stack can be abused.

The reply from Apple security suggests that iOS 15.1 will launch in the week after next. Apple has asked that details of the exploit are kept private until the patch has been made available to customers.The hacker plans to release a full proof-of-concept demonstration then.

Whilst the security bug is concerning, at least we now know when iOS 15.1 is coming out. iOS 15.1 brings several new user-facing features including SharePlay group activities, COVID-19 passes in the Wallet app, ProRes for iPhone 13 Pro and more. Apple seeded the fourth beta of iOS 15.1 earlier today.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:


You can follow iPhoneFirmware.com on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Apple and the Web.