AirDrop & Quick Share Flaws Enable Nearby Attackers to Crash Devices and Bypass Receive‑From‑Anyone Checks
What Happened — Researchers disclosed six zero‑day flaws in Apple’s AirDrop (macOS/iOS) and Samsung’s Quick Share that let an unauthenticated device within Bluetooth/Wi‑Fi range crash the sharing service or bypass the “receive from anyone” prompt, without any user interaction.
Why It Matters for Compliance & Audit Readiness
- The flaws illustrate a classic access‑control bypass scenario that SOC 2 CC6 (Logical Access) controls are designed to detect, document, and remediate.
- Continuous evidence of device‑level policy enforcement (e.g., “receive from anyone” disabled by default) is required to demonstrate due diligence in an audit.
- Verisq’s SOC2 Access Controls capability provides automated monitoring of endpoint configuration drift and proof‑point logs that can be used as audit evidence for the “access restriction” criteria.
Who Is Affected – Consumer‑grade laptops, smartphones, and tablets running iOS/macOS or Samsung One UI; enterprises that allow BYOD or issue corporate‑owned Apple/Samsung devices.
Recommended Actions
- Review and harden AirDrop/Quick Share settings: disable “receive from anyone” by default and enforce policy via MDM.
- Deploy continuous configuration monitoring to capture any deviation from approved sharing settings.
- Update devices promptly once Apple and Samsung release patches; retain patch‑install logs for SOC 2 evidence.
Source: The Hacker News
Technical Notes
- Attack vector: proximity‑based wireless (Bluetooth/Wi‑Fi) without prior pairing.
- Exploits trigger a denial‑of‑service crash or bypass the user‑prompt check, potentially leading to unauthorized file receipt.
- No CVE IDs disclosed at time of reporting; patches expected in upcoming OS updates.
Source: The Hacker News