
Researchers from CISPA have identified critical, zero-click vulnerabilities in proximity-based file-transfer protocols, specifically Apple AirDrop and Google/Samsung Quick Share. Using the custom protocol-aware fuzzer "AIRFUZZ", the study uncovered systemic flaws in how privileged daemons process unauthenticated, complex serialized content such as Binary Plists, CPIO archives, and Protocol Buffers. Exploitation vectors include a Swift fatalError-triggered Denial of Service (DoS), unbounded XML recursion, and memory corruption via a Heap Use-After-Free (UAF). Most significantly, the research demonstrated a complete bypass of Device-to-Device (D2D) encryption in Samsung Quick Share. These vulnerabilities affect over 5 billion devices globally. All affected vendors (Apple, Google, and Samsung) have released patches to remediate these flaws.

  • Research Methodology: Protocol-Aware Fuzzing

    • Development of AIRFUZZ, a specialized fuzzer designed to mutate pre-compression representations of proprietary, undocumented protocols.
    • Successful reconstruction of the AirDrop seven-layer state machine and analysis of the DVZip adaptive compression algorithm.
    • Identification of systemic risks in the processing of complex serialized data (Binary Plists, CPIO, Protocol Buffers) by privileged, unauthenticated daemons.
  • Vulnerability Analysis: Apple AirDrop

    • Swift fatalError DoS: Exploitation of the HTTP path router to trigger immediate service termination.
    • Unbounded XML Recursion: Malicious XML plists target the Foundation framework to cause resource exhaustion through unbounded nesting.
    • Network.framework Vulnerability: Discovery of a NULL dereference within the HTTP/1.1 parser.
  • Vulnerability Analysis: Quick Share (Samsung & Google)

    • Samsung Quick Share Encryption Bypass: Identification of three specific frame types that allow for the total circumvention of D2D encryption.
    • Pre-authentication Dispatch: Discovery of an unauthorized OfflineFrame dispatch mechanism (V4).
    • Google Quick Share (Windows): Identification of a Heap Use-After-Free (UAF) vulnerability within the Windows-based implementation.
  • Impact and Risk Assessment

    • Attack Vector: Wireless proximity-based, zero-click exploitation requiring no prior pairing or user interaction.
    • Ecosystem Reach: Potential impact on a global footprint exceeding 5 billion interconnected mobile and desktop devices.
    • Security Implications: High-severity risks across Confidentiality (encryption bypass), Integrity (memory corruption), and Availability (DoS).
  • Remediation: Patching and Defense

    • Responsible Disclosure: All findings were coordinated through Apple, Samsung, and Google prior to public release.
    • Remediation Status: All identified vulnerabilities have been acknowledged and addressed via vendor-specific security updates.
    • Defensive Action: Organizations should enforce immediate OS-level updates across all mobile and Windows-based device fleets.
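The recurring theme above is a privileged daemon parsing unauthenticated serialized input, with the unbounded XML recursion finding as the clearest instance. The following is an added example, not code from the CISPA paper or from Apple's Foundation framework: it shows the defensive pattern of bounding nesting depth in an untrusted XML property list with a streaming pre-check before the full parser ever sees the document. The depth limit, the function names and the sample plists are assumptions constructed for this example.

```python
"""Depth-bounded pre-check for untrusted XML property lists.

Added example (not from the CISPA research or any vendor code). The idea:
walk the document as a stream of start/end events, count nesting, and
reject it the moment the bound is exceeded. The hostile case then costs
O(limit) work instead of a full recursive parse.
"""
import io
import plistlib
import xml.etree.ElementTree as ET

# Assumed bound: legitimate transfer metadata nests only a handful of levels.
MAX_DEPTH = 32


class NestingTooDeep(ValueError):
    """Raised when the document nests deeper than the configured bound."""


def xml_max_depth(data: bytes, limit: int = MAX_DEPTH) -> int:
    """Stream through the XML and return its maximum element depth.

    Raises NestingTooDeep as soon as `limit` is exceeded; iteration stops
    there, so the remainder of an oversized document is never processed.
    """
    depth = 0
    deepest = 0
    for event, _elem in ET.iterparse(io.BytesIO(data), events=("start", "end")):
        if event == "start":
            depth += 1
            if depth > limit:
                raise NestingTooDeep(f"nesting exceeds {limit} levels")
            deepest = max(deepest, depth)
        else:
            depth -= 1
    return deepest


def load_plist_bounded(data: bytes, limit: int = MAX_DEPTH):
    """Parse an XML plist only after the depth pre-check has passed."""
    xml_max_depth(data, limit)
    return plistlib.loads(data, fmt=plistlib.FMT_XML)


# --- constructed sample inputs (not captured from any real transfer) ------
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>SenderName</key><string>constructed-example</string>
  <key>Files</key>
  <array><string>photo.jpg</string></array>
</dict>
</plist>"""


def nested_plist(levels: int) -> bytes:
    """Build a syntactically valid plist whose <array> nests `levels` deep."""
    body = "<array>" * levels + "</array>" * levels
    return (b'<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0">'
            + body.encode() + b"</plist>")


if __name__ == "__main__":
    print("benign depth:", xml_max_depth(BENIGN_PLIST))
    print("parsed sender:", load_plist_bounded(BENIGN_PLIST)["SenderName"])
    try:
        load_plist_bounded(nested_plist(500))
    except NestingTooDeep as exc:
        print("rejected:", exc)
```

The pre-check runs on the same bytes the real parser will consume, so it cannot be desynchronised from it by a different interpretation of the input; the only cost is a second pass over well-formed documents, which for transfer metadata of a few kilobytes is negligible. The same pattern (a streaming bound on structure before full deserialization) applies to CPIO entry counts and Protocol Buffer message nesting.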
