Urgent Apple Security Alert: ‘AirBorne’ AirPlay Vulnerability Exposes Millions to Hackers
Apple users are facing a new security threat dubbed 'AirBorne,' a set of vulnerabilities found in the AirPlay feature and its associated SDK. This flaw, discovered by cybersecurity firm Oligo, could allow hackers to inject malware and take control of devices connected to the same Wi-Fi network, even without user interaction. This is a zero-click attack, making it particularly dangerous.
How the AirBorne Vulnerability Works
The AirBorne vulnerability targets devices on a local network, meaning hackers need to be within proximity and on the same network as the target. This could be at home, work, or even public Wi-Fi hotspots like those at airports. If your AirPlay devices are discoverable, they are susceptible to a zero-click attack. Hackers can then either take complete control or launch other attacks like Man-in-the-Middle (MITM) or Denial-of-Service (DoS).
According to Oligo researcher Uri Katz, "The amount of devices that were vulnerable to these issues, that's what alarms me. When was the last time you updated your speaker?" The implications are significant, potentially allowing hackers to run malicious scripts on Macs or even activate microphones on connected speakers to eavesdrop on conversations. Researchers demonstrated taking over a Bose speaker to display their company's logo, however making clear that they just happened to have that brands speaker avaliable.
Apple Patches and Third-Party Risks
Apple has addressed the AirBorne vulnerability in its latest software updates. Users are strongly advised to update their iPhones, iPads, Macs, Apple Watches, and Apple Vision Pro devices immediately. To update, go to Settings > General > Software Update on iOS devices, and System Settings > General > Software Update on Macs.
However, the problem extends beyond Apple devices. Millions of third-party devices supporting AirPlay, such as TVs and smart speakers, remain vulnerable. Apple provided security updates for affected third-party devices, and emphasized that attackers can only exploit these flaws if they are on the same Wi-Fi network as the targeted device. According to Oligo, some third-party devices may still be vulnerable if their manufacturers do not provide timely updates. Some of these devices do not contain private user data. Since Apple cannot directly control the patching process for these devices, users must take proactive steps to protect themselves.
Protecting Yourself
Here’s how to minimize your risk:
- Update Third-Party Devices: Check for firmware updates for all AirPlay-compatible devices.
- Disable AirPlay When Not in Use: On Macs, go to System Settings > AirDrop & Handoff and disable AirPlay Receiver.
- Use Trusted Devices: Only stream AirPlay content from trusted sources.
- Limit AirPlay Access: Set AirPlay access to “Current User” under Settings > General > AirDrop & Handoff on Macs.
- Avoid Public Networks: Refrain from using AirPlay on public or unknown networks like those at airports or cafes.
As Patrick Wardle, CEO of DoubleYou said, “When third-party manufacturers integrate Apple technologies like AirPlay via an SDK, obviously Apple no longer has direct control over the hardware or the patching process... As a result, when vulnerabilities arise and third-party vendors fail to update their products promptly—or at all—it not only puts users at risk but could also erode trust in the broader Apple ecosystem."
The Bigger Picture
This incident highlights the ongoing challenges of securing interconnected devices. With the proliferation of smart devices in homes and offices, vulnerabilities in widely used protocols like AirPlay can have far-reaching consequences. It serves as a reminder to stay vigilant, keep devices updated, and understand the security implications of using networked technologies.
What steps are you taking to protect your devices from the AirBorne vulnerability? Share your thoughts and strategies in the comments below.
