AirDrop and Quick Share flaws expose billions of devices to nearby attacks
Researchers at the CISPA Helmholtz Center for Information Security disclosed six proximity-based vulnerabilities in Apple AirDrop and Google/Samsung Quick Share that could be exploited by attackers within wireless range or on the same local network. The issues include three denial-of-service flaws in AirDrop affecting privileged sharing and parsing components on macOS and iOS, two authentication and encryption bypass flaws in Samsung's Quick Share on Android, and a use-after-free bug in Google's Quick Share client for Windows that could potentially be exploitable. The findings show that both ecosystems expose significant pre-authentication attack surfaces despite using different implementations.
Apple has reportedly fixed one AirDrop flaw and assigned a non-public CVE, while Google has patched the Windows Quick Share bug and issued a bounty, with its CVE still pending. The remaining Apple issues and the Samsung Quick Share flaws are still under coordinated disclosure or investigation, and no in-the-wild exploitation has been reported. Researchers also released a custom fuzzer, crash scripts, and protocol notes to help validate the bugs and support further testing across nearby-sharing features used on roughly five billion devices.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Researchers publicly disclose flaws and release testing tools
Researchers publicly disclosed the six nearby-sharing vulnerabilities affecting AirDrop and Quick Share. They also released a custom fuzzer, crash scripts, and protocol notes to support validation and further testing.
Google fixes Quick Share for Windows use-after-free flaw
Google landed a fix for the Quick Share for Windows use-after-free vulnerability. The associated CVE was still pending publicly, and Google had also paid a bounty for the finding.
Apple patches one AirDrop flaw and assigns a non-public CVE
Apple fixed one of the identified AirDrop vulnerabilities and assigned it a CVE identifier that had not yet been made public. The remaining Apple AirDrop issues were still under coordinated disclosure or investigation.
Researchers identify six AirDrop and Quick Share vulnerabilities
Researchers at the CISPA Helmholtz Center for Information Security identified six proximity-based vulnerabilities affecting Apple AirDrop and Google/Samsung Quick Share across macOS, iOS, Android, and Windows. The issues include AirDrop denial-of-service flaws, Quick Share authentication and encryption bypasses on Android, and a use-after-free in Quick Share for Windows.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Multiple AirDrop and Quick Share Vulnerabilities Allow Attackers to Crash Devices
cybersecuritynews.com
Open sourceAirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks
thehackernews.com
Open sourceAirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin - Help Net Security
helpnetsecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Interoperability and Security Changes in Android Quick Share and Apple AirDrop
Google has introduced a new feature that enables its Android Quick Share tool to interoperate with Apple’s AirDrop, allowing file sharing between the two platforms for the first time. This functionality is currently limited to Google’s Pixel 10 smartphone and requires iOS users to enable the 'Everyone for 10 minutes' mode on AirDrop, which temporarily makes their device discoverable to anyone nearby. Both companies have highlighted the convenience of cross-platform sharing, but security concerns remain, as these modes can expose users to unsolicited or potentially malicious file transfers. Organizations often mitigate these risks by disabling such features through mobile device management solutions. In parallel, Apple is testing a new AirDrop feature in its iOS beta that introduces PIN pairing, allowing users to share files for up to 30 days without needing to be in each other's contacts. This change aims to enhance usability but may also introduce new security considerations, as it extends the window during which devices are open to file sharing from non-contacts. Both developments reflect ongoing efforts by Google and Apple to balance ease of use with the need to protect users from abuse and unauthorized file transfers.
Jun 29, 2026
Emergency 0-Day Patches Issued by Apple and Google for Actively Exploited Vulnerabilities
Apple and Google have released emergency security updates to address zero-day vulnerabilities that were actively exploited in sophisticated attacks targeting users of their platforms. Apple issued patches across its ecosystem—including iPhones, iPads, and Macs—to fix two WebKit bugs, warning that these flaws had been abused in highly targeted attacks against specific individuals. Google, in parallel, released a Chrome Stable channel update to address multiple security flaws, including CVE-2025-14174, an out-of-bounds memory access vulnerability that was already being exploited in the wild. Both companies provided limited technical details but confirmed that the vulnerabilities were under active attack and that coordinated investigation revealed overlap in their findings, with Apple's security team and Google's Threat Analysis Group credited for discovery. Security researchers have noted that these vulnerabilities could be weaponized by commercial spyware vendors, and there is evidence suggesting that the flaws were exploited before patches were available. The urgency of the situation has led to widespread advisories urging users to update their devices immediately to mitigate the risk of compromise. The lack of detailed disclosure from both Apple and Google underscores the sensitive nature of the attacks and the ongoing threat posed by sophisticated adversaries targeting mainstream software platforms used by billions worldwide.
Jun 29, 2026
Apple Patches Actively Exploited dyld Zero-Day in iOS and Other Platforms
Apple released security updates to address an **actively exploited zero-day** tracked as **CVE-2026-20700**, warning it may have been used in an “extremely sophisticated” attack targeting specific individuals on versions of iOS prior to *iOS 26*. The flaw affects **`dyld` (Apple’s dynamic linker)** and can allow **arbitrary code execution** when an attacker already has **memory write** capability; reporting attributes discovery to **Google’s Threat Analysis Group** and notes it may have been used as part of an exploit chain. Apple shipped fixes across its ecosystem, including *iOS 26.3*, *iPadOS 26.3*, *macOS Tahoe 26.3*, *watchOS 26.3*, *tvOS 26.3*, and *visionOS 26.3*. The same reporting indicates Apple also issued patches tied to the broader report for **CVE-2025-14174** (an out-of-bounds memory access issue in Chrome’s **ANGLE** graphics component on Mac) and **CVE-2025-43529** (a **use-after-free** leading to code execution), and commentary from security practitioners emphasized that enterprise risk is driven by **patch deployment speed**—particularly where updates rely on end users rather than enforced device management.
Jun 29, 2026