Security researchers have identified six vulnerabilities in Apple AirDrop and Android Quick Share, the peer-to-peer file transfer protocols that operate over local wireless connections without an intermediary network. The flaws affect millions of devices and require no prior authentication from the attacker.
An attacker within wireless range using only a laptop can trigger a denial-of-service condition on a Mac or iPhone configured to accept transfers from anyone—without requiring the user to tap or accept a prompt. The severity of the exploit lies in its silent execution, as the crash occurs before any user interaction takes place.
On the Quick Share side, the same research uncovered flaws that bypass standard security checks, potentially allowing unauthorized file delivery or service disruption. Technical specifics of the attack vector involve manipulation of the Bluetooth Low Energy handshake used to initiate connections, though full exploit details remain under embargo until patches are widely deployed.
Apple and Google have not yet released official patches, and no CVEs have been assigned as of publication. Users are advised to limit AirDrop and Quick Share visibility to “Contacts Only” or disable the features entirely in public spaces until fixes arrive. Both companies have been notified and are reportedly working on updates.
No active exploitation in the wild has been confirmed, and the researcher’s disclosure follows responsible vulnerability reporting practices. The findings highlight the persistent challenge of securing proximity-based wireless protocols, which trade convenience for attack surface.