Close Menu
Most Read

AirDrop/Quick Share flaws enable crash, bypass checks.

Staff WriterBy No Comments3 Mins Read1 Views

Quick Takeaways

  1. Attackers within 10-30 meters can crash or disrupt AirDrop, Quick Share, and related services by sending malformed requests, causing wide service outages on Apple and Android devices.
  2. Flaws in Samsung’s Quick Share bypass session checks, allowing unverified devices to initiate and control connections, potentially leading to data manipulation or further exploitation.
  3. Google’s Quick Share for Windows contains a memory bug that can be exploited for remote code execution, especially since its defenses like Control Flow Guard are disabled, risking full device compromise.

Threat, Attack Techniques, and Targets

Two researchers discovered six security flaws in AirDrop and Quick Share. These are wireless features used to send files between nearby devices without cables or shared networks. An attacker within wireless range, using just a laptop, can attack devices set to receive files from everyone. They do not need prior access or connection. The attacker can cause the sharing service to crash on Mac or iPhone. The same research also found flaws in Quick Share that bypass session checks on Samsung devices and cause crashes in Google’s Windows app. These issues are found in devices running specific versions, including recent iOS, macOS, and Windows. The flaws target the radio communication layer where devices handle discovery, session management, and trust decisions. The vulnerabilities allow attackers to trigger crashes with malformed requests and exploit memory bugs. These exploits impact over five billion active Apple and Android devices.

Impact, Security Implications, and Remediation Guidance

The main impact is that attackers can crash important sharing services on affected devices. Since these services also support features like AirPlay and Handoff, one crash can take down multiple functions. When a device crashes, it stops receiving files and sharing features. This can affect many devices in crowded areas like airports or conferences. Although no evidence shows the flaws being exploited in real life, the vulnerabilities are serious. Companies have already begun fixing some of these bugs. Apple released a patch for one AirDrop bug; others are under coordinated disclosure. Google fixed the Windows flaw and paid a bounty. Samsung’s bugs are still under investigation. To stay protected, users should update their devices with the latest security patches. They should also set AirDrop to “Contacts Only” or turn it off, instead of “Everyone.” For Quick Share, disable it when not needed, and update the Windows app. For detailed guidance, users should refer to the latest advisories from Apple, Google, or device manufacturers.

Discover More Technology Insights

Explore the future of technology with our detailed insights on Artificial Intelligence.

Access comprehensive resources on technology by visiting Wikipedia.

ThreatIntel-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.