Security researchers have identified six vulnerabilities affecting AirDrop and Quick Share, the wireless file-transfer protocols used by Apple and Android devices respectively. The flaws allow an attacker within wireless range to remotely crash the file-sharing service on target devices without requiring any prior connection or network access. Devices configured to accept transfers from anyone are particularly vulnerable to these attacks, which require no user interaction to execute.

Both AirDrop and Quick Share use wireless protocols to enable quick file transfers between nearby devices without requiring cables or a shared network connection. These convenience features have become standard on modern smartphones and computers, with millions of users relying on them daily for sharing photos, documents, and other files. The protocols typically operate over Bluetooth and Wi-Fi Direct to establish peer-to-peer connections between devices.

The discovered vulnerabilities enable denial-of-service attacks that can be executed with minimal equipment. An attacker needs only a standard laptop positioned within wireless range of the target device. When the target device has its sharing settings configured to receive from anyone rather than contacts only, the attack can proceed without any prompts or user interaction. The service crashes completely, disrupting the file-sharing functionality until the device is restarted or the service is manually reset.

The impact extends to both personal and enterprise environments where these file-sharing features are commonly enabled. Organizations that allow employees to use AirDrop or Quick Share on company devices face potential disruption if attackers exploit these vulnerabilities in office settings, conferences, or other locations where multiple devices congregate. The attacks could be used to harass users, disrupt business operations, or serve as a precursor to more sophisticated attacks.

Users should immediately change their AirDrop and Quick Share settings to accept transfers only from contacts rather than everyone. This configuration significantly reduces the attack surface by requiring the attacker to be in the device's contact list. Organizations should enforce this setting through mobile device management policies. Both Apple and Google should be monitored for security updates that address these vulnerabilities, and patches should be applied promptly when released. Until fixes are available, disabling these features entirely on sensitive devices provides the strongest protection against exploitation.

Source: https://thehackernews.com/2026/06/airdrop-and-quick-share-flaws-let.html