‘Lost Mode’ on AirTags typically redirects a user who finds a lost tag to Apple’s website for information. However, AirTags could be exploited to redirect those users to malicious sites instead.

Rauch shared an email showing Apple communicated their intention to fix the bug just hours before — not after — KrebsOnSecurity reached out to them for comment. The story above has been changed to reflect that.

KrebsOnSecurity

Reference: Apple AirTag Bug Enables ‘Good Samaritan’ Attack, AirTag ‘Lost Mode’ Vulnerability Can Redirect Users to Malicious Websites

Recommendations

Developer:

Beware of potential risks.

QA engineer:

Beware of potential risks.

PM/DM:

Beware of potential risks.
