A pair of vulnerabilities in Apple’s AirDrop and Quick Share features has left millions of users vulnerable to crashes, data breaches, and other malicious activities. The flaws, discovered by researchers at Google’s Project Zero, allow nearby attackers to remotely trigger system crashes or bypass security checks on iPhones, iPads, and Macs.
The issues stem from a weakness in the way these file-sharing features handle incoming requests. When an AirDrop or Quick Share request is made, it triggers a notification that can be easily manipulated by an attacker using a specially crafted message. This can lead to system crashes, data disclosure, or even unauthorized access to sensitive information on the device.
The affected devices include iPhone 6s and later models, as well as iPads running iOS 11 and later, and Macs running macOS High Sierra and later. The scope of the vulnerability is significant: with millions of users worldwide relying on these features for convenient file sharing, even a small percentage of attacks could result in substantial losses.
The attackers can exploit this flaw using a range of methods, from social engineering to targeted phishing campaigns. For instance, an attacker might send a malicious AirDrop request to a user’s device, which would appear as a legitimate notification on the screen. If the user accepts the request, their device would become vulnerable to further attacks.
The revelation highlights the ongoing cat-and-mouse game between security researchers and cyber threat actors. While AI-powered tools like those used by Project Zero have proven invaluable in uncovering vulnerabilities, malicious actors are continually adapting their tactics to stay ahead of detection.
To mitigate these risks, users should exercise caution when receiving unexpected AirDrop or Quick Share requests. It’s essential to verify the authenticity of incoming messages and only accept them from trusted sources. Moreover, keeping software up-to-date is crucial: Apple has issued patches for affected devices, which users must install promptly to prevent exploitation by attackers.
Ultimately, this incident underscores the importance of robust cybersecurity practices in an increasingly interconnected world. As we rely more heavily on convenient features like AirDrop and Quick Share, it’s essential to prioritize vigilance and stay informed about potential vulnerabilities that could put our digital security at risk.
Source: The Hacker News — 2026-06-30