Critical AirPlay Vulnerabilities Expose Apple Devices to Zero-Click Attacks: What You Need to Know
A newly discovered set of vulnerabilities dubbed "AirBorne" threatens billions of Apple devices and third-party products using AirPlay. Cybersecurity researchers at Israeli firm Oligo Security have uncovered critical flaws in Apple's AirPlay protocol and Software Development Kit (SDK) that could allow attackers to remotely execute code, steal sensitive information, and even deploy malware without any user interaction.
The severity of these vulnerabilities lies in their potential to be exploited in zero-click remote code execution (RCE) attacks, meaning hackers can take control of your device simply by being on the same Wi-Fi network. This includes public Wi-Fi hotspots at airports, coffee shops, and even your office.
How does it work?
Researchers found that by chaining vulnerabilities like CVE-2025-24252 and CVE-2025-24132, attackers can create a wormable exploit leading to RCE. This allows them to deploy malware that spreads to other devices connected to the same network. Imagine your phone gets infected on public Wi-Fi and then compromises your entire home or corporate network. The potential consequences range from espionage and ransomware attacks to supply-chain compromises.
Which devices are affected?
The vulnerabilities impact a wide range of devices, including:
- iPhones and iPads
- Macs
- Apple Vision Pro
- Third-party devices that leverage the AirPlay SDK, such as smart TVs, speakers, and car infotainment systems
Oligo estimates that there are tens of millions of third-party audio devices with AirPlay support, in addition to over 2.35 billion active Apple devices. This widespread adoption makes the "AirBorne" vulnerabilities a significant threat. Cybersecurity expert Patrick Wardle also highlighted the third-party devices might have delayed or skipped patches, exposing vulnerabilities. "When third-party manufacturers integrate Apple technologies like AirPlay via an SDK, obviously Apple no longer has direct control over the hardware or the patching process," Wardle stated.
What steps should you take?
Apple has released security updates to address these vulnerabilities in their devices. However, the risk remains for third-party devices that may not receive timely patches. Here's what you should do:
- Update all your Apple devices to the latest software versions immediately.
- Ensure all corporate Apple devices and other machines that support AirPlay are updated.
- Disable the AirPlay receiver if you're not using it.
- Restrict AirPlay access to trusted devices using firewall rules.
The Bigger Picture
The "AirBorne" vulnerabilities highlight the growing risks associated with interconnected devices and the importance of timely security updates. It also underscores the potential for even seemingly simple features like AirPlay to become a gateway for sophisticated attacks. It’s imperative for organizations to prioritize security updates and educate employees about the risks of using public Wi-Fi networks.
What are your thoughts on these vulnerabilities? Will this affect your AirPlay usage? Share your concerns and suggestions in the comments below.
