AirDoS is a denial-of-service vulnerability in iOS that allows attackers to remotely spam nearby iPhones/iPads with infinite AirDrop share popups, rendering the UI unusable until the device is restarted or the user escapes Bluetooth/WiFi range. Apple patched it in iOS 13.3 (December 2019) with a rate limit that auto-declines requests after 3 rejections from the same device.
Reflected XSS vulnerability in Avast Desktop AntiVirus (and AVG) via unsanitized SSID name reflection in the Firewall's Network Notification feature popup, allowing attackers to execute arbitrary JavaScript through a malicious wireless network name. The vulnerability was discovered by connecting to a tethering connection with an XSS payload SSID and triggered when the notification feature displayed the network name without proper input filtering, earning a $5,000 bounty.