Critical “AirBorne” Vulnerabilities in Apple AirPlay – Billions of Devices at Risk

AirBorne Vulnerability - Apple Airplay

Oligo Security researchers have uncovered a set of 23 vulnerabilities, dubbed “AirBorne,” affecting Apple’s AirPlay protocol and its Software Development Kit (SDK). The discovery puts billions of devices, ranging from iPhones, iPads, and Macs to third-party smart TVs, speakers, and even car infotainment systems utilizing CarPlay, at risk of severe cyberattacks.

The “AirBorne” vulnerabilities exploit the wireless nature of AirPlay, allowing attackers on the same Wi-Fi network or through peer-to-peer connections to potentially gain complete control over vulnerable devices without any user interaction in certain scenarios.

Oligo Security demonstrated that two of these vulnerabilities (CVE-2025-24252 and CVE-2025-24132) can be weaponized to create wormable zero-click Remote Code Execution (RCE) exploits. This means that once a device is compromised, it could be used as a launchpad to spread malware to other devices on the same network, including sensitive enterprise networks.

Impact of “AirBorne” Vulnerabilities:

The potential impact of these vulnerabilities is far-reaching and could have devastating consequences for individuals and organizations alike.

  • Massive Scale of Affected Devices: The widespread adoption of AirPlay across Apple’s ecosystem and numerous third-party devices means that millions, potentially billions, of devices are susceptible to attack. This includes personal devices, smart home gadgets, and even in-vehicle systems.
  • Severe Security Risks: Successful exploitation of these vulnerabilities could lead to a wide range of attacks, from data theft and financial fraud to complete device takeover and network compromise.
  • Wormable Exploits: The ability for these vulnerabilities to be exploited in a “wormable” fashion means that malware can spread rapidly across networks, potentially causing widespread disruption and damage.
  • Enterprise Risks: Compromised devices connected to corporate networks could provide attackers with a foothold to launch further attacks, potentially leading to data breaches, espionage, and ransomware attacks.

Wide Range of Potential Attacks:

The discovered vulnerabilities, whether exploited individually or chained together, could enable a variety of malicious activities, including:

  • Remote Code Execution (RCE): Allowing attackers to run arbitrary code on the compromised device.
  • Access Control List (ACL) and User Interaction Bypass: Circumventing security measures and potentially executing actions without user consent.
  • Local Arbitrary File Read: Enabling unauthorized access to files stored on the device.
  • Sensitive Information Disclosure: Leaking private data and credentials.
  • Man-in-the-Middle (MITM) Attacks: Intercepting communication between devices.
  • Denial of Service (DoS): Disrupting the normal functioning of devices.
  • Eavesdropping: Potentially accessing microphones on compromised devices for espionage.
  • Malware Deployment: Installing malicious software, including ransomware.
  • Supply Chain Attacks: Using compromised devices to target other systems within a network.
  • Distracting Drivers (via CarPlay): In specific scenarios, attackers could manipulate the car’s infotainment system.

Apple’s Response and Third-Party Risks:

Oligo Security responsibly disclosed these vulnerabilities to Apple, and the tech giant has already released security updates for its devices (iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4, released on March 31st). Users of Apple devices are strongly advised to update their software immediately.

However, a significant concern remains for the millions of third-party devices that have integrated AirPlay using Apple’s SDK. These devices, including smart TVs, speakers, set-top boxes, and car systems, may not receive updates as promptly or may never be patched, leaving them vulnerable for an extended period. Gal Elbaz, CTO and co-founder of Oligo Security, warned that patching these third-party devices could take years, if it happens at all.

Protecting Yourself:

To mitigate the risks associated with the “AirBorne” vulnerabilities, users are advised to take the following immediate actions:

  • Update all Apple devices to the latest available software versions.
  • On Macs, disable the “AirPlay Receiver” feature in System Settings > General > AirDrop & Handoff (or AirPlay & Handoff in older versions) if you do not actively use it.
  • Consider limiting AirPlay sharing permissions to “Current User” only.
  • If AirPlay is not in use, disable it entirely on all devices.
  • For organizations, implement firewall rules to restrict AirPlay communication (Port 7000 on Apple devices) to only trusted devices.
  • Ensure all third-party devices that support AirPlay are updated with the latest firmware from their respective manufacturers.
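For the first item in the list, an organization can check a device inventory against the fixed releases named earlier in this article. The script below is an added example, not code from Apple or Oligo Security; the inventory layout (name, OS, version), the status labels and the sample rows are assumptions made for illustration.

```python
# Added example, not Apple's or Oligo's code. Inventory rows below are constructed.
# Fixed releases as listed in the article; macOS is fixed per major branch.
FIXED = {
    "ios": {18: (18, 4)},
    "ipados": {18: (18, 4)},
    "visionos": {2: (2, 4)},
    "macos": {13: (13, 7, 5), 14: (14, 7, 5), 15: (15, 4)},
}

def parse_version(text):
    """Turn '14.7.5' into (14, 7, 5); raise ValueError for anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def _pad(v, width=3):
    """Pad with zeros so (15, 4) compares correctly against (15, 4, 0)."""
    return tuple(v) + (0,) * (width - len(v))

def classify(os_name, version_text):
    branches = FIXED.get(os_name.strip().lower())
    if branches is None:
        return "unknown"        # e.g. third-party AirPlay SDK device: check vendor firmware
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    major = version[0]
    if major in branches:
        return "patched" if _pad(version) >= _pad(branches[major]) else "needs_update"
    if major > max(branches):
        return "patched"        # assumption: later major releases carry the fix
    return "no_fix_listed"      # older branch: the article names no fixed release

def audit(inventory):
    """Group device names by status."""
    report = {}
    for name, os_name, version_text in inventory:
        report.setdefault(classify(os_name, version_text), []).append(name)
    return report

SAMPLE_INVENTORY = [  # constructed sample data
    ("lobby-ipad", "iPadOS", "18.3.2"), ("dev-mac-01", "macOS", "14.7.5"),
    ("dev-mac-02", "macOS", "15.3.1"), ("old-mac", "macOS", "12.7.6"),
    ("conf-room-tv", "VendorTV", "5.1"), ("ceo-iphone", "iOS", "18.4"),
]

if __name__ == "__main__":
    for status, names in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(names)}")
```

Devices reported as `unknown` or `no_fix_listed` are the ones to follow up on manually, which is where the third-party SDK devices discussed above will land.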

The discovery of the “AirBorne” vulnerabilities serves as a stark reminder of the interconnected nature of modern devices and the potential for widespread impact from flaws in core technologies like AirPlay. Vigilance and prompt patching are crucial to safeguarding against these emerging threats. Cybersecurity experts recommend staying informed about security updates from all device manufacturers and adopting proactive security measures to protect personal and organizational assets.
