Critical Vulnerabilities in AirDrop and Quick Share Expose Billions of Devices

Researchers at CISPA Helmholtz Center for Information Security have uncovered six vulnerabilities in Apple's AirDrop and Google's Quick Share protocols, affecting over five billion devices. These flaws allow attackers within 10-30 meters to crash devices or manipulate file transfers without user interaction. The vulnerabilities include three denial-of-service bugs in AirDrop, two protocol-state manipulation exploits in Quick, and a user-after-free bug potentially leading to remote code execution. The AirDrop vulnerabilities require devices to be in permissive modes, while Quick is widely used on Android and Windows. The researchers developed a custom fuzzer, AirFuzz, to identify these issues. The vulnerabilities have been responsibly disclosed, and fixes are in progress, but exposure remains significant. The findings highlight the need for better security in proximity transfer protocols.

Key Points: • Six critical vulnerabilities found in AirDrop and Quick Share protocols. • Over five billion devices are affected, including iPhones, Android phones, and Windows systems. • Attackers can exploit these flaws from a distance of 10-30 meters, with no user interaction required.