Researchers discovered six security flaws in Apple's AirDrop and Samsung's Quick Share, enabling attackers nearby to crash file-sharing services. Apple has already patched one of the identified vulnerabilities, but others remain under investigation, impacting potentially five billion devices globally.
Two researchers identified six security flaws affecting AirDrop and Quick Share, file-sharing features for Apple and Samsung devices. An attacker can exploit these vulnerabilities to crash the services on devices set to receive files from anyone, without needing a prior connection.
The vulnerabilities enable an attacker within wireless range to send specially crafted requests that crash the sharing service on macOS and iOS devices. The research demonstrated that sending repeated malformed requests could consistently disrupt the services.
Apple has already patched one of three identified AirDrop vulnerabilities and assigned it a CVE, although the advisory is not public. Google paid a bounty for a flaw affecting its Windows app and has implemented a code fix, pending a CVE. Samsung's vulnerabilities are still under investigation.
These flaws are significant because they affect a vast ecosystem of over five billion active devices across Apple and Android platforms. While fixes are being implemented, the crux of the issue lies in shared frameworks that could impact multiple applications beyond just AirDrop and Quick Share.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Researchers discovered six security flaws in Apple's AirDrop and Samsung's Quick Share, enabling attackers nearby to crash file-sharing services. Apple has already patched one of the identified vulnerabilities, but others remain under investigation, impacting potentially five billion devices globally.