Вход на сайт

Просмотр новости

Найдите то, что Вас интересует

Three AirDrop vulnerabilities discovered, with Apple working on a full fix

Дата публикации: 30-06-2026 11:53:17

Three AirDrop vulnerabilities have been discovered by security researchers, affecting both iPhone and Mac, with similar ones found in Android’s Quick Share.
An attacker could easily exploit the vulnerabilities to cause AirDrop, AirPlay, Handoff, Universal Clipboard, and Continuity Camera to crash and remain unavailable for as long as the attack continues …


Основное содержимое страницы с новостью.

Three AirDrop vulnerabilities discovered, with Apple working on a full fix | Two iPhones exchanging contact details via AirDrop

Three AirDrop vulnerabilities have been discovered by security researchers, affecting both iPhone and Mac, with similar ones found in Android’s Quick Share.

An attacker could easily exploit the vulnerabilities to cause AirDrop, AirPlay, Handoff, Universal Clipboard, and Continuity Camera to crash and remain unavailable for as long as the attack continues …

HelpNetSecurity reports that it is a simple attack to initiate.

A proximity attacker needs a laptop with Wi-Fi and a spot within range, often 10 to 30 meters. No pairing, contact exchange, or shared network is required. On Apple devices set to receive from “Everyone,” the early protocol phases respond before any user prompt appears.

The good news is that no data can be obtained. The bad news is that a number of related Apple services on both iPhone and Mac can be remotely disabled.

The three AirDrop findings all end in a crash. The simplest comes from a Swift fatalError call in the code that routes incoming web requests by path. A request to an unrecognized path hits that call and aborts the whole process. One short request takes down AirDrop, AirPlay, Handoff, Universal Clipboard, and Continuity Camera at once. Sent in a loop every couple of seconds, it holds the service down. During one test, the legitimate connection attempts all failed under the attack and all succeeded again once it stopped.

Security researcher Arash Ebrahim said that it’s hard to completely avoid such vulnerabilities, pointing to the fact that they exist on more than one platform despite very little shared code.

“I don’t think the overlap is unique to Apple or Google,” he said. “Instead, it reflects common engineering challenges in proximity-based protocols. These services are designed to provide a seamless user experience, which means privileged daemons have to process complex, attacker-controlled inputs before authentication or user approval has taken place. That inevitably creates a large pre-authentication attack surface.”

Ebrahim followed standard responsible disclosure practice in withholding specific details until both Apple and Google have had the chance to fix the issues. He says Apple has fixed one of the vulnerabilities and is still working on the other two.

One AirDrop bug now has a fix and an identifier, according to Ale Ebrahim. “Apple informed us that one of the reported AirDrop vulnerabilities has been fixed in a software update and has been assigned a CVE identifier,” he said. The advisory stays private for now. “The corresponding security advisory and CVE have not yet been published publicly, so I cannot share additional details at this stage,” Ale Ebrahim said, adding that “the remaining Apple reports are still under coordinated disclosure and have not yet received public CVE assignments.”

Add 9to5Mac as a preferred source on Google Add 9to5Mac as a preferred source on Google

FTC: We use income earning auto affiliate links. More.

Схожие новости

#Наименование новостиТональностьИнформативностьДата публикации
1AirDrop vulnerability lets anyone nearby knock it offline, no tap required-2630-06-2026
29to5Mac Daily: May 21, 2026 – iPhone Ultra leaks, more0221-05-2026
39to5Mac Daily: March 23, 2026 – iPhone Air popularity, iPad rumors0224-03-2026
4Leaker backs reports of two iPhone Air 2 improvements, with more detail0507-07-2026
59to5Mac Daily: May 12, 2026 – iOS 26.5 now available, more0312-05-2026
6macOS security flaw lets hackers disable Mac protection tools without a password-5725-06-2026
7Apple working with British police to tackle iPhone theft5611-06-2026
8Wired: уязвимости в AirPlay позволяют хакерам взломать устройство0030-04-2025
9Apple reveals iPhones are under attack from 'sophisticated' hacks secretly accessing devices: 'Act Now'-2615-01-2026
10Your old iPhone has a security flaw, and there’s nothing Apple can do to fix it-5620-06-2026

Классификация: Пресс-релизы. Схожих патентов: 0. Схожих новостей: 10. Тональность: 0. Информативность: 7. Источник: 9to5mac.com.