AirDrop Just Left 5 Billion iPhones and Androids Wide Open
A laptop, 30 feet of range, and no permission to touch anything. That’s all it takes to freeze your Apple ecosystem this week.
Two CISPA researchers just reverse-engineered AirDrop and Quick Share side by side and came out with six vulnerabilities across iOS, macOS, Android, and Windows. Three are zero-click. All of them work over the air without pairing, without shared Wi-Fi, without a tap. Apple’s already patched one and Google fixed the Windows one, but the rest are still in coordinated disclosure. Here’s the full breakdown of what breaks, what your phone is doing right now, and the single settings toggle that actually helps.
On June 30, 2026, two researchers at Germany’s CISPA Helmholtz Center for Information Security published a paper called “Protocol Prying”. Arash Ale Ebrahim and Nils Ole Tippenhauer had done what nobody had done before, at least not in public: they reverse-engineered both Apple’s AirDrop and Google and Samsung’s Quick Share side by side, above the radio layer, where discovery becomes session handling, parsing, and trust decisions.
What they found was six vulnerabilities. Three sit inside Apple’s AirDrop implementation on macOS and iOS. Three sit inside Quick Share, split across Samsung’s Android version and Google’s Windows client. All six are reachable from wireless proximity, roughly 10 to 30 meters. None of them require pairing, shared Wi-Fi, or an account. Several require nothing more than an iPhone with AirDrop set to “Everyone for 10 minutes,” the exact setting Apple recommends when you want to receive a file quickly and the exact setting Google’s new Android AirDrop interoperability requires on the iPhone side.
Between them, Apple’s 2.2 billion active devices and Google’s 3 billion active Androids make this the largest single research disclosure of the year by device count. The bugs are mostly denial-of-service today. The design pattern that produced them is not, and the same pattern is what makes the next round of proximity-protocol vulnerabilities likely to be worse.
To find them, the CISPA team had to reverse-engineer the entire AirDrop protocol without source code access. They mapped its seven-layer stack: Bluetooth LE for discovery, AWDL (Apple Wireless Direct Link) for Wi-Fi peering, TLS, HTTP, a custom encoding format, DVZip adaptive compression, and file packaging. Then they built a protocol-aware fuzzer, AirFuzz, roughly 12,000 lines of code, that mutates pre-compression representations of valid requests to hit deep code paths that ordinary fuzzers miss. The fuzzer is public. For Quick Share they wrote targeted hand-written analyses against Samsung’s Galaxy S23 Ultra and Google’s Windows Quick Share client. That combination is what produced six findings in a single paper rather than one.
5 billion active devices
Apple reports 2.2B active devices running sharingd. Google reports 3B Android devices with Quick Share as default or system-wide. Windows Quick Share client also affected.
Nearby, no pairing, no user tap
Attacker needs a laptop with Wi-Fi, position within 10-30 meters, and target device set to receive from “Everyone.” No phishing link, no Wi-Fi network, no account.
Denial of service, not data theft
Three AirDrop bugs crash sharingd, the daemon that also runs AirPlay, Handoff, Universal Clipboard, Continuity Camera, and NameDrop. Quick Share bugs enable protocol-state bypass.
Two down, four to go
Apple shipped one CVE fix in iOS/macOS 26.5.2 on June 29. Google fixed the Windows use-after-free and paid a bounty. Two Apple bugs and two Samsung bugs remain in coordinated disclosure.
V1, the one-request AirDrop killer
Zero-click, patchedInside the AirDrop code that routes incoming HTTP requests by path, there is a Swift fatalError call that fires when the path doesn’t match anything the router expects. Send one HTTP POST to an unknown path and the whole process aborts. The process in question is sharingd, and sharingd doesn’t just run AirDrop. It also runs AirPlay, Handoff, Universal Clipboard, Continuity Camera, and NameDrop. Kill it once and all of those features go down together on that device until it restarts the daemon.
A fatalError call in Swift is not a defensive check. It is a hard assertion that says: “if this happens, the code is in an impossible state, so crash rather than continue.” That is fine for internal invariants that only the developer can violate. It is not fine on a network-reachable code path where the input is coming from a stranger’s laptop across the room. The moment a fatalError sits between untrusted input and process survival, every unknown path becomes a remote crash.
Send those crash messages on a loop, about one every two seconds, and the researchers reported that legitimate AirDrop transfers stopped working entirely for the duration of the attack. A person at the next table over could hold your Apple ecosystem hostage from a laptop. This is the bug Apple already fixed. iOS 26.5.2 and macOS 26.5.2 shipped on June 29, 2026, one day before the CISPA paper hit, and Apple has confirmed a CVE was assigned. The public security advisory has not yet been released as of the paper’s finalization.
V2, the Foundation XML parser stack overflow
Zero-click, in disclosureThe second AirDrop bug isn’t really an AirDrop bug. It lives in Foundation, Apple’s core framework for handling data structures, and specifically in the XML property list parser. The parser processes nested dictionary structures without imposing a depth limit. When nesting reaches roughly 180 to 200 levels, the parser exhausts available stack memory and crashes.
A specially crafted discovery request with deeply nested plist data triggers the same failure anywhere untrusted property lists are parsed, not just in AirDrop. Any Apple app on macOS, iOS, watchOS, tvOS, or visionOS that opens an untrusted plist could hit the same code path. The researchers reproduced the AirDrop-facing crashes on macOS 15.7.4, macOS 26.3, iOS 18.x, and iOS 26.3. Older iOS 16 builds were not affected.
This is why “just patch AirDrop” is the wrong framing. The bug is a Foundation-level parsing problem, and AirDrop is only one of many attack surfaces that reaches it. This is still under coordinated disclosure with Apple.
V3, the Network framework HTTP parser crash
Post-accept, in disclosureThe third AirDrop issue sits in Network.framework, Apple’s modern networking library that replaced the older BSD sockets pattern. Malformed HTTP framing, such as negative chunk sizes or conflicting Content-Length headers, forces the parser into an inconsistent state and triggers a null pointer dereference. Sharingd goes down with it, and every continuity service on the device goes down at the same time.
This is technically a post-accept vulnerability rather than a pure zero-click. The attacker has to be past the initial connection handshake to reach the malformed HTTP framing. In practice, on a device set to “Everyone,” that gate is thin. The researchers were able to reach the crash reliably across the same macOS and iOS versions that V2 affected.
The combined effect of V1, V2, and V3 is the same: sharingd dies. That single process is doing too much work. When it goes, users don’t lose one feature. They lose AirDrop, AirPlay, Handoff, Universal Clipboard, Continuity Camera, and NameDrop in the same instant. That’s the design lesson from the AirDrop half of this paper.
V4 and V5, the Samsung Quick Share bypasses
Bypass, in investigationOn the Android side, the researchers found two flaws in Samsung’s Quick Share implementation. V4 is a pre-authentication frame-processing bypass. Quick Share is supposed to complete a UKEY2 handshake before it processes any application-layer content, but certain frame messages get processed before that handshake completes. That means an attacker in proximity can drive the Quick Share protocol state machine with attacker-controlled content before cryptographic authentication even happens.
V5 is worse in principle. After UKEY2 completes and a secure session exists, certain control frames are still accepted in plaintext, even though they should be protected by the SecureMessage encryption layer. An attacker on the same Wi-Fi network could inject unencrypted control frames into an active Quick Share session, forcing it into an “accepted” state, keeping it alive artificially, or making the server return attacker-supplied IP and port values.
Neither V4 nor V5 was demonstrated to steal files. Both defeat the protections the system is supposed to provide, and both were tested on a Samsung Galaxy S23 Ultra. Samsung transferred both to Google, and they remain under investigation as of the paper’s finalization.
Some context helps here. UKEY2 is the key exchange protocol Google designed for exactly this kind of “two devices meeting for the first time” scenario, and it’s the same protocol that underpins Google’s Nearby Share family. Its whole point is to bootstrap a mutually authenticated session between devices that have no prior relationship. When frames get processed before UKEY2 completes, or when control frames pass in plaintext after it, the protocol’s core promise, that no attacker in the middle can meaningfully interfere, stops holding. This is why the paper flags handler-by-handler security enforcement as an anti-pattern. Central dispatcher enforcement would have caught both V4 and V5.
V6, the Windows Quick Share use-after-free
Memory corruption, patchedThe most technically serious bug of the six is V6, a use-after-free memory corruption issue in Google’s Quick Share client for Windows. The researchers triggered it through a concurrent connect and disconnect sequence, described in the paper’s Table 1 as a race condition in endpoint lifecycle management. In principle, use-after-free bugs on Windows are the class most likely to enable actual remote code execution rather than just a crash.
Google took this one seriously. It awarded a bounty through its Vulnerability Reward Program, and the code fix has already landed. A CVE assignment is pending. Update the Quick Share Windows client now if you haven’t, because unlike the Samsung bugs, this one is fixed and public awareness is rising.
The researchers were careful to note that they did not demonstrate remote code execution against V6, only the memory-corruption class. That is honest security research. The class is dangerous enough that Google’s rapid patch and bounty response is the correct pattern. Compare it with V4 and V5, which are still in investigation.
The mechanics matter here. A use-after-free happens when code frees a chunk of memory but keeps using a pointer that still refers to the freed region. If an attacker can trigger a race that causes the free at just the wrong moment, or can arrange for new content to be placed at the freed address before it gets reused, they get a foothold. That foothold is not RCE by itself, but on Windows it is the class of primitive that most reliably leads there once combined with a heap-spray or type-confusion follow-up. That is why the paper flagged the race condition in endpoint lifecycle management as the underlying design flaw, not just the crash.
Different codebases, but ultimately
the same architectural pattern.
The convenience won.
The most interesting thing about the CISPA paper is not any individual bug. It is that Apple and Google, working with almost no shared code, ended up with the same architectural mistake. Ale Ebrahim named the pattern directly in his Help Net Security interview: “security-critical invariants were not enforced at a single boundary.” On the AirDrop side, that meant fatal assertions in network-facing code and parser robustness gaps. On the Quick Share side, it meant handler-level authentication checks instead of dispatcher-level enforcement, plus race conditions in endpoint lifecycle management. Different codebases. Same shape.
This isn’t a new class. QuickShell in 2024, ToothPicker before it, and the AWDL research that predates both have been pointing at the same problem for years. Proximity-transfer protocols are designed for one goal: make the transfer feel instant. Achieving that means the receiving device has to wake up, discover the sender, negotiate a session, and start processing untrusted content before the user can even see a prompt. That user-facing tap you eventually give in the AirDrop dialog is a courtesy, not a security boundary. The security boundary got crossed the moment your phone came within 30 meters of the attacker’s laptop.
The fix is not “make AirDrop safer.” The fix is to enforce authentication and encryption at a central dispatcher before any per-handler code runs, cap parsing depth and enforce strict framing at network-reachable entry points, and stop bundling five product features behind a single privileged daemon that can be taken down by a single crash. Those are architectural changes, not patches. Apple and Google will ship the patches. Whether they ship the architecture is a longer conversation.
- iPhone and Mac: Install iOS 26.5.2 and macOS 26.5.2 or newer. This ships the fix for V1, the one-request sharingd crash.
- AirDrop visibility: Set AirDrop to “Contacts Only” or “Receiving Off.” Do not leave it on “Everyone for 10 minutes” in crowded public places.
- Android Quick Share: Leave Quick Share visibility off when not actively receiving a file. Samsung’s V4 and V5 remain in investigation.
- Windows Quick Share: Update Google’s Quick Share Windows client. V6, the use-after-free, is patched and the fix is live.
- Enterprise fleets: Add “AirDrop Everyone” and “Quick Share Everyone visibility” to your MDM policy as blocked defaults, and re-check the Windows Quick Share client version in your endpoint inventory.
⚠️ Four things to keep in mind reading the CISPA paper
1. These are mostly denial-of-service bugs today. Nobody in the paper demonstrated file theft or remote code execution against your phone in the wild. What was demonstrated is that a person nearby can crash your Apple ecosystem repeatedly or force protocol states in Quick Share that the design says should not be reachable.
2. “Zero-click” is a real category. Three of the six bugs require no user interaction. The device set to “Everyone” listens by design, and that design is exactly what’s being exploited. If you have never touched your AirDrop settings, you are almost certainly on a setting the researchers targeted.
3. V6 is the outlier. The Windows use-after-free is the one bug in this set that has a real path to remote code execution, and it’s the one that’s already fixed. Google’s fast response there is the right template for the other vendors.
4. AirFuzz is public. The 12,000-line fuzzer the researchers built to find these bugs is on GitHub. Assume more findings in similar protocol classes are coming from other researchers now that the tooling is out.