AirDrop Can Be Disabled Remotely With One Malformed Request

Security researchers have found that AirDrop, Handoff, Universal Clipboard, Continuity Camera, and AirPlay can all be knocked offline simultaneously with a single malformed request, no file transfer accepted, no user interaction required. The finding comes from a team at the CISPA Helmholtz Center for Information Security, which identified three separate flaws in Apple’s wireless file-sharing system alongside related issues in Google’s Quick Share tool.

The attack requires almost nothing: a laptop with Wi-Fi and proximity within 10 to 30 meters. Because AirDrop and related services listen for nearby connections by default, the malicious request fires before any prompt appears on the target device. Sending that request in a loop keeps the affected features offline indefinitely.

The reason these services are exposed at all comes down to a deliberate design tradeoff. To work quickly and without friction, they process incoming data before verifying whether the sender is trusted. The researchers noted that both Apple and Google face the same engineering tension here, which is why Quick Share carries parallel vulnerabilities.

What’s been patched

The current state of fixes is uneven:

• Apple has patched one of the three flaws in a recent update, with two remaining
• Google has issued a patch for its Windows Quick Share client
• No private data is exposed in any of the known attack scenarios

The incomplete patch picture means the denial-of-service window is still open on Apple devices for two of the three identified attack paths. For anyone who regularly uses AirDrop in crowded public spaces, turning off file-sharing in settings removes the exposure until Apple ships the remaining fixes. The researchers did not describe active exploitation in the wild, but the attack is simple enough that the bar for someone attempting it is low.