Apple and Google Address AirDrop and Quick Share Vulnerabilities with Critical Patches
Apple and Google Release Security Patches for AirDrop and Quick Share Vulnerabilities
Apple and Google have deployed security updates to address six vulnerabilities affecting AirDrop and Quick Share, the wireless file-sharing protocols used by iOS and Android devices. According to reports from Numerama and Frandroid, these flaws allow attackers within Wi-Fi range to trigger device crashes or cause system instability without user interaction.
What were the specific vulnerabilities in AirDrop and Quick Share?
The vulnerabilities involve flaws in how the devices handle proximity-based file transfers. Numerama reports that six distinct bugs were identified across both ecosystems. These vulnerabilities enable a remote attacker to send specially crafted packets via Wi-Fi to a nearby device. According to the reporting, the primary impact is the ability to make the target device crash, a state often referred to as a “denial-of-service” attack.
AppSystem and App4Phone specify that Apple’s side of the issue involved three particular vulnerabilities. These flaws could be exploited by an attacker within physical proximity to the target device to cause unexpected system behavior. While the patches aim to mitigate these risks, AppSystem notes that some of Apple’s initial responses constituted a partial fix rather than a comprehensive resolution for all affected versions.
How do these patches protect users?
The companies released software updates designed to harden the communication protocols used during the “handshake” phase of a file transfer. According to Frandroid, these patches prevent the system from processing the malicious packets that previously led to crashes. Users are advised to update to the latest versions of iOS and Android to ensure the security patches are active.
The risk is categorized by the proximity required for the attack. Because the exploits rely on Wi-Fi and Bluetooth connectivity, the attacker must be physically near the victim’s device. However, the reports emphasize that the attacks can strike “without warning,” meaning the user does not need to accept a file transfer for the crash to occur.
Comparison of Impact Across Platforms
While both ecosystems were affected, the reporting highlights slight differences in the nature of the vulnerabilities:

- Apple (AirDrop): App4Phone and AppSystem focus on three specific vulnerabilities that target the system’s stability, with some reports indicating a phased or partial rollout of the corrective measures.
- Google (Quick Share): Numerama and Frandroid frame the issues as part of a broader set of six flaws that affect the Android ecosystem’s proximity sharing, primarily resulting in device freezes or reboots.
Both platforms share a common failure point: the processing of unsolicited data packets before a secure connection is fully established by the user.
What happens if devices are not updated?
Devices remaining on older software versions remain susceptible to these proximity-based attacks. According to Android MT, the vulnerabilities allow an attacker to disrupt the functionality of a device simply by being within Wi-Fi range. This creates a risk of temporary device unavailability, though the sources do not report evidence of data theft or permanent hardware damage resulting from these specific bugs.
Apple and Google have not released detailed technical documentation regarding the specific CVE (Common Vulnerabilities and Exposures) identifiers for all six flaws in their initial public communications, leaving the full technical scope of the exploits to be determined by independent security researchers.