- Security researchers found dozens of flaws in Apple’s AirPlay protocol
- Some of them allowed remote code execution attacks
- Apple has released patches addressing the flaws
Apple’s AirPlay Protocol and AirPlay Software Development Kit (SDK) carried numerous vulnerabilities that could be abused to run remote code execution (RCE) attacks, man-in-the-middle (MitM) attacks, or denial of service (DoS) attacks. To make matters worse, some of these vulnerabilities could be used in zero-click attacks, meaning to pull it off – no interaction from the victim is required.
Cybersecurity researchers Oligo Security found 23 flaws and collectively dubbed them AirBorne. Two of the flaws could be used in RCE attacks, which are now tracked as CVE-2025-24252, and CVE-2025-24132. There is also CVE-2025-24206, a user interaction bypass vulnerability that allows crooks to bypass “Accept” click requirements on AirPlay requests.
“This means that an attacker can take over certain AirPlay-enabled devices and do things like deploy malware that spreads to devices on any local network the infected device connects to. This could lead to the delivery of other sophisticated attacks related to espionage, ransomware, supply-chain attacks, and more,” Oligo warned.
‘Vast and concerning’
“Because AirPlay is a fundamental piece of software for Apple devices (Mac, iPhone, iPad, AppleTV, etc.) as well as third-party devices that leverage the AirPlay SDK, this class of vulnerabilities could have far-reaching impacts.”
The potential reach of AirBorne exploitation is “vast and concerning”, CyberInsider argues. The publication claims Apple’s wireless streaming protocol is “critical” to the company’s ecosystem and is operating on 2.35 billion active devices all over the world.
It argues that, in theory, a threat actor could compromise a MacBook at a coffee shop, and later use it as a steppingstone into an enterprise network, once the compromised device connects to the company’s Wi-Fi.
Apple has since fixed the flaws with iOS and iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4. The AirPlay audio SDK, the AirPlay video SDK, and the CarPlay Communication Plug-in have all been updated, as well.
Via BleepingComputer
Leave a comment