AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.
A researcher discovered and reported a remote code execution exploit that could allow an attacker to wipe iPhone and iPad devices running all iOS versions up to iOS 15.
Twitter user @RobertCFO posted on Wednesday that he had found a bug that would enable a user to use a high-level proximity Bluetooth LE exploit to remotely wipe iPhones and iPads without any access to the devices. The user also states that he will provide proof of concept at a later date.
POC? RCE up to 15.0.X ~ High level proximity based Bluetooth LE exploit to remote wipe iDevices based on proximity alone! No physical device access.
In short can put a laptop in a backpack and ride a bike in a city wiping iPhones 🙂
— Robert (@RobertCFO) October 13, 2021
Included in the Tweet is a screenshot of an email exchange he had with a member of Apple’s Product Security Team. The team member acknowledges the issue and states that it will be resolved in iOS 15.1, which the Apple representative said will roll out the week of Monday, October 25 — the week after Apple’s “Unleashed” event.
Apple also asked Robert to keep the email and the details of the exploit confidential until the patches were released to users.