AirDrop Vulnerabilities Cause Denial of Service on Apple Devices

Security Researchers Uncover Three AirDrop Vulnerabilities Affecting iPhone and Mac

Similar flaws found in Android's Quick Share; attacks require proximity but no user interaction.

A new class of attack exploits core Apple proximity features

Security researchers have identified three distinct vulnerabilities in Apple's AirDrop that impact both iPhone and Mac devices. Comparable issues were also discovered in Android's Quick Share feature.

"An attacker can exploit these to crash AirDrop, AirPlay, Handoff, Universal Clipboard, and Continuity Camera."

The attack renders these services unavailable for the duration of the assault, though no data is compromised during the exploit.

Attack profile: Close range, no pairing required

The attack vector is notable for its low barrier to entry. It requires:

  • Physical proximity of 10 to 30 meters
  • A standard laptop with Wi-Fi capabilities
  • No pairing, contact exchange, or shared network

On devices configured to receive from "Everyone," the early protocol phases respond automatically, before any user prompt appears. This creates a window where malicious input can be processed without user awareness.

How the crash works

One of the three vulnerabilities involves a Swift fatalError call in the path routing code. When an unrecognized path request is received, the system triggers a fatal error, causing a crash.
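The pattern described above, shown beside a hardened form, as an added example that is not Apple's code or the researcher's. The route names, the `Response` type, and the 256-byte path limit are assumptions made for illustration; the article does not publish the real paths.

```swift
import Foundation

// Hypothetical route names; the article does not list the real ones.
enum Route: String {
    case discover = "/example-discover"
    case transfer = "/example-transfer"
}

struct Response: Equatable {
    let status: Int
    let body: String
}

func handle(_ route: Route) -> Response {
    switch route {
    case .discover: return Response(status: 200, body: "discover ok")
    case .transfer: return Response(status: 200, body: "transfer ok")
    }
}

// "Before" pattern: an unknown path is treated as a programmer error,
// so a single unauthenticated request terminates the whole process.
func routeCrashing(path: String) -> Response {
    guard let route = Route(rawValue: path) else {
        fatalError("unhandled path: \(path)")
    }
    return handle(route)
}

// Hardened pattern: an unknown or oversized path is ordinary bad input
// from the network. Reject it with an error and keep the daemon running.
func routeSafe(path: String) -> Response {
    guard path.utf8.count <= 256, let route = Route(rawValue: path) else {
        return Response(status: 404, body: "not found")
    }
    return handle(route)
}

// Constructed sample inputs, including paths the router does not know.
let samples = ["/example-discover", "/unknown", "", String(repeating: "A", count: 4096)]
for path in samples {
    let response = routeSafe(path: path)
    print("\(path.prefix(24)) -> \(response.status)")
}
// Calling routeCrashing(path: "/unknown") instead would trap and end the process.
```

Reserving `fatalError` for states that local code can rule out, and returning an error for anything a remote peer controls, keeps one bad request from taking down every service hosted in the same process.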

A single request can take down multiple services simultaneously. Repeated requests every few seconds can maintain the denial-of-service effect indefinitely.

"Legitimate attempts fail during the attack but succeed after it stops."

Broader engineering challenge

Researcher Arash Ebrahim noted that such vulnerabilities are difficult to avoid entirely, as they stem from fundamental engineering challenges in proximity-based protocols.

"Privileged daemons must process attacker-controlled inputs before authentication, creating a large pre-authentication attack surface," Ebrahim explained.

Current status: One fix released, two pending

Ebrahim followed responsible disclosure practices. Apple has fixed one of the three vulnerabilities (assigned a CVE) and is actively working on the remaining two.

Details of the fix and the specific CVE identifier are not yet public.