May 13th, 2025
Who:
Apple devices utilizing the AirPlay suite and third-party devices incorporating the AirPlay SDK.
What:
Cybersecurity firm Oligo Security identified 23 vulnerabilities, termed "AirBorne," within Apple's AirPlay protocol and SDK. These flaws permit zero-click and one-click remote code execution (RCE), man-in-the-middle (MitM) attacks, denial-of-service (DoS), and unauthorized access to sensitive data on devices connected to the same network.
A live demo of one the exploits was uploaded to YouTube via Oligo Security. Check it out here.
Impact:
Attackers sharing a Wi-Fi or peer-to-peer network with a vulnerable device can exploit these flaws to commandeer devices, propagate malware, eavesdrop via microphones, and access local files. Two vulnerabilities (CVE-2025-24252 and CVE-2025-24132) are "wormable," facilitating rapid malware spread across networks. While Apple has issued patches for its devices, numerous third-party AirPlay-enabled devices, including smart TVs, speakers, and CarPlay systems, may remain unpatched, posing ongoing risks.
Recommendations:
Update Apple Devices:Â Ensure iPhones, iPads, Macs, and Apple Vision Pro devices are updated to the latest software versions addressing these vulnerabilities.
Check Third-Party Devices:Â Contact manufacturers of third-party AirPlay-enabled devices to confirm the availability and application of security updates.
Disable Unused Features:Â Turn off AirPlay and CarPlay on devices when not in use to minimize exposure.
Restrict Access:Â Configure AirPlay settings to allow connections only from trusted devices and consider implementing firewall rules to limit access.
Monitor Networks:Â Be vigilant when connecting to public or unsecured Wi-Fi networks, as they increase the risk of exploitation.
Read the full article HERE