Proximity Protocol Flaws, GitHub Backlog, and OT Vulnerabilities Mark a Busy Week in Cybersecurity
A wave of security disclosures this week includes critical flaws in Apple AirDrop and Google/Samsung Quick Share affecting billions, a GitHub advisory backlog, and active exploits targeting Oracle E-Business Suite and highway sign controllers.
Researchers at the CISPA Helmholtz Center for Information Security have disclosed six vulnerabilities in Apple AirDrop and Google/Samsung Quick Share, two proximity-based file transfer protocols that run on more than five billion devices worldwide. The flaws span macOS, iOS, Android, and Windows, and include crashes, authentication bypasses, and a use-after-free bug.
The findings, presented by Arash Ale Ebrahim and Nils Ole Tippenhauer, mark the first cross-platform analysis of both protocol stacks above the radio layer. The researchers built a custom fuzzer for AirDrop and conducted targeted analysis on Quick Share, uncovering weaknesses that can be exploited by an attacker within 10 to 30 meters without any pairing or shared network.
Six Vulnerabilities Across Two Ecosystems
The AirDrop vulnerabilities all result in crashes of Apple's sharing daemon, which also handles AirPlay, Handoff, Universal Clipboard, and Continuity Camera. A single malformed request can take down all these services simultaneously. The Quick Share flaws include protocol logic bypasses that allow an attacker to drive the connection state machine before authentication, and a use-after-free in the Windows client that earned a Google bounty.
- Three AirDrop bugs: a Swift fatalError call on unrecognized paths, an XML property list parser with no depth limit, and a null pointer dereference in the system HTTP parser.
- Three Quick Share bugs: pre-authentication frame processing, post-handshake unencrypted frame acceptance, and a use-after-free race condition in the Windows client.
- Common root cause: both protocols process complex attacker-controlled inputs before authentication, creating a large pre-authentication attack surface.
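The unbounded-depth parser in the list above is the easiest of these bug classes to guard against. The following is an added example, not code from Apple, Google or the researchers: a size and nesting check applied to an untrusted XML property list before any object tree is built. The limits `MAX_DEPTH` and `MAX_BYTES` and all function names are assumptions chosen for illustration.

```python
import plistlib
import xml.parsers.expat

MAX_DEPTH = 32        # assumed policy limit for this example
MAX_BYTES = 1 << 20   # assumed size cap for a pre-authentication message


class PlistRejected(ValueError):
    """Input refused before or during parsing."""


def check_depth(data: bytes, max_depth: int = MAX_DEPTH) -> int:
    """Stream the XML once and return its deepest nesting level, aborting early."""
    depth = deepest = 0

    def start(name, attrs):
        nonlocal depth, deepest
        depth += 1
        deepest = max(deepest, depth)
        if depth > max_depth:
            raise PlistRejected(f"nesting deeper than {max_depth}")

    def end(name):
        nonlocal depth
        depth -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler, parser.EndElementHandler = start, end
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise PlistRejected(f"malformed XML: {exc}") from exc
    return deepest


def load_untrusted_plist(data: bytes):
    """Apply size and depth limits before building any object tree."""
    if len(data) > MAX_BYTES:
        raise PlistRejected("input too large")
    check_depth(data)
    try:
        return plistlib.loads(data, fmt=plistlib.FMT_XML)
    except (plistlib.InvalidFileException, ValueError) as exc:
        raise PlistRejected(f"invalid plist: {exc}") from exc


def nested_plist(levels: int) -> bytes:
    """Constructed sample: `levels` arrays nested inside one <plist> element."""
    body = "<array>" * levels + "</array>" * levels
    return f'<?xml version="1.0"?><plist version="1.0">{body}</plist>'.encode()
```

The depth check runs as a streaming pass, so a deeply nested document is rejected at element 33 rather than after the whole tree has been allocated.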
GitHub Advisory Database Under Strain
Meanwhile, the GitHub Advisory Database published 1,560 reviewed advisories in May 2026, the highest monthly total in its history and several times its usual output. The volume of vulnerability reports is arriving faster than GitHub can review them, leading to delays of weeks for some advisories. This backlog affects automated security alerts for millions of open source projects that rely on the database.
In other security news, CISA published an advisory on three vulnerabilities in Daktronics controllers used for highway signs and billboards, which could allow remote hacking. Separately, a critical Oracle E-Business Suite flaw, CVE-2026-46817 (CVSS 9.8), is being actively exploited in the wild, targeting Oracle Payments for privilege escalation and authentication bypass. The 'Djinn' infostealer is also leveraging CVE-2026-48558, a SimpleHelp authentication bypass, to steal cloud and AI credentials.
What Comes Next
Apple and Google have begun rolling out fixes for the AirDrop and Quick Share vulnerabilities, though the scale of affected devices means patches will take time to reach all users. The GitHub backlog highlights the growing challenge of keeping advisory databases current as vulnerability reporting accelerates. Organizations using Oracle E-Business Suite or Daktronics controllers should prioritize patching, while the Djinn campaign underscores the increasing targeting of cloud and AI infrastructure credentials.
Fact check
- Researchers at CISPA found six vulnerabilities in Apple AirDrop and Google/Samsung Quick Share. (verified · source)
- The GitHub Advisory Database published 1,560 reviewed advisories in May 2026, the highest monthly total. (reported · source)
- CISA published an advisory on three vulnerabilities in Daktronics controllers for highway signs and billboards. (reported · source)
- Oracle E-Business Suite flaw CVE-2026-46817 (CVSS 9.8) is being actively exploited in the wild. (reported · source)
- The 'Djinn' stealer targets cloud and AI credentials via CVE-2026-48558, a SimpleHelp authentication bypass. (reported · source)
Source reporting (6)
- Help Net Security · AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin
- Help Net Security · Vulnerability reports are arriving faster than GitHub can review them
- SecurityWeek · New Controller Flaws Expose Highway Signs and Billboards to Remote Hacking
- The Hacker News · Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
- Dark Reading · 'Djinn' Stealer Targets Cloud, AI Credentials
- Ars Technica · US offers $10 million for info on group behind Signal and WhatsApp hacking spree