Security researchers have discovered three vulnerabilities in AirDrop that can be exploited on iPhones and Macs. An attacker within wireless range can use these vulnerabilities to disable several Apple services, including AirDrop itself, AirPlay, and Handoff. While data cannot be intercepted, the functions remain blocked for the duration of the attack. Apple has already patched one of the vulnerabilities.
AirDrop is one of the most widely used features in the Apple ecosystem, wirelessly transferring files between devices in close proximity. How easily this proximity transfer can be set up and secured in everyday use also determines how vulnerable a device is. This is precisely where the recently reported vulnerabilities come into play: they affect both iPhones and Macs, and researchers also found similar problems with QuickShare, the counterpart on Android devices.
How the attack unfolds
The attack requires only a laptop with Wi-Fi and a location within range, which, according to the researchers, is often between ten and thirty meters. Neither pairing nor contact exchange nor a shared network is necessary. Particularly problematic: On Apple devices where AirDrop is set to "Everyone," the system responds at an early stage of the protocol, even before a confirmation prompt appears.
The simplest of the three vulnerabilities stems from a programming error in the component that routes incoming requests: If a request encounters an unknown path, the entire process terminates. A single, brief request is thus sufficient to crash multiple services simultaneously. If repeated every few seconds, the functions become permanently unusable. In a test, all regular connection attempts failed while the attack was active and only succeeded again once it was stopped. To reduce the risk, users should set AirDrop reception to "Contacts Only" or turn it off entirely when the feature is not actively needed.
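The failure class described above, as an added illustration that is not from the researcher or Apple: a router that lets an unknown path terminate the service, beside one that rejects the request and keeps serving. The route names, handlers and length limit are assumptions, since the technical details are still withheld.

```python
# Added illustration, not Apple's code: routes, handlers and limits are hypothetical.
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, str]
Router = Callable[[str, bytes], Response]
MAX_PATH_LEN = 256  # assumed bound on unauthenticated input

ROUTES: Dict[str, Callable[[bytes], Response]] = {
    "/hello": lambda body: (200, "hello-ok"),   # hypothetical pre-auth endpoints
    "/offer": lambda body: (200, "offer-ok"),
}

def route_fragile(path: str, body: bytes) -> Response:
    # Unknown path raises KeyError; nothing catches it, so the service dies.
    return ROUTES[path](body)

def route_hardened(path: str, body: bytes) -> Response:
    # Validate the peer-controlled path before touching the route table.
    if not path.startswith("/") or len(path) > MAX_PATH_LEN:
        return 400, "bad-request"
    handler = ROUTES.get(path)
    if handler is None:
        return 404, "not-found"          # reject the request, keep the process
    try:
        return handler(body)
    except Exception:
        return 500, "handler-error"      # contain handler faults per request

def serve(router: Router, requests: List[Tuple[str, bytes]]):
    """Simulated accept loop; returns (responses, crashed)."""
    responses: List[Response] = []
    for path, body in requests:
        try:
            responses.append(router(path, body))
        except Exception:
            return responses, True       # stands in for process termination
    return responses, False

# Constructed traffic: one unknown path between two legitimate requests.
SAMPLE = [("/hello", b""), ("/no-such-route", b""), ("/offer", b"")]

if __name__ == "__main__":
    print("fragile :", serve(route_fragile, SAMPLE))
    print("hardened:", serve(route_hardened, SAMPLE))
```

With the fragile router the legitimate request that follows the unknown path is never answered; the hardened router answers it, which is the property a pre-authentication dispatcher needs.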
Which services will be shut down?
The impact extends beyond AirDrop. A successful attack also disables AirPlay, Handoff, Universal Clipboard, and Continuity Camera. All these services rely on the same underlying proximity communication and therefore fail simultaneously. The good news: No data can be stolen – the attack aims solely to block the functionality, not to intercept information.
One vulnerability fixed, two remain open
The vulnerabilities were discovered by security researcher Arash Ebrahim, who adhered to the usual practice of responsible disclosure and withheld specific details until they were fixed. According to him, Apple has already closed one of the three AirDrop vulnerabilities in a software update and assigned it a CVE identifier; however, the corresponding security advisory is not yet public. The other two vulnerabilities are still in the coordinated disclosure process and have not yet received a public CVE number.
It is noteworthy that the same vulnerability patterns occur in both Apple and Google products, despite minimal code sharing. The researcher attributes this not to a single manufacturer, but to a fundamental challenge with short-range communication protocols: For sharing to function as seamlessly as possible, privileged background services must process complex, externally controlled data even before authentication or user authorization has taken place. This creates a large attack surface that is reachable before any authentication takes place.
Why such gaps are difficult to avoid
Because a convenience feature like AirDrop is deliberately designed for simple, low-requirement connections, it is also vulnerable to precisely this kind of disruption attack. Until Apple closes the remaining two vulnerabilities, the most effective precaution remains simple: limit reception and only enable it when actually needed. Currently, there is no data risk, but key convenience features could temporarily fail in an attacker's vicinity.