Cybersecurity researchers have revealed a set of security vulnerabilities in Apple’s AirPlay protocol. This allows attackers to take over sensitive devices that support their own radio technology.
The downside is that it is jointly codenamed Airborne by Israeli cybersecurity company Oligo.
“These vulnerabilities can be chained by attackers to potentially control devices that support AirPlay, including both Apple devices and third-party devices that leverage the AlplaySDK.”
To attack some of the vulnerabilities like CVE-2025-24252 and CVE-2025-24132, you can create wamable zero-click RCE exploits, allowing bad actors to deploy malware that propagates to devices on the local network to which the inte- ted devices connect.
This paves the way for sophisticated attacks that lead to backdoors and ransomware deployments, potentially creating serious security risks.
In a nutshell, vulnerabilities can allow zero or one-click remote code execution (RCE), access control lists (ACLs) and user interaction bypass, reading any local file, disclosure of information, adversaries (AITM) attacks, and denial of service (DOS).
This includes a chain of CVE-2025-24252 and CVE-2025-24206, providing zero-click RCE for MACOS devices connected to the same network as the attacker. However, for this exploit to succeed, the AirPlay receiver must be turned on and set to “Anyone on the same network” or “Everyone” configuration.
In a hypothetical attack scenario, connecting to a public Wi-Fi network could potentially compromise the victim’s device. If you later connect your device to an enterprise network, you can provide an attacker with a way to violate other devices connected to the same network.
Some of the other notable flaws are listed below –
CVE-2025-24271 – ACL Vulnerability that allows attackers on the same network as sign-in MAC to send AirPlay commands without pairing CVE-2025-24137 – Vulnerability that could cause arbitrary code execution or application that could cause arbitrary code execution or application that would terminate CVE-2025-24132 Receiver SDK that leverages AirPlay CVE-2025-24206 – Authentication vulnerability that allows attackers on local networks to bypass authentication policy CVE-2025-24270 – Vulnerability that allows attackers to local networks to leak sensitive information CVE-2025-31197 – Vulnerability that could cause an attacker on local network to cause unexpected app termination
Following responsible disclosure, the identified vulnerabilities have been patched in the following versions –
iOS 18.4 and iPados 18.4 iPados 17.7.6 Macos SECOIA 15.4 MACOS SONOMA 14.7.5 MACOS VENTURA 13.7.5 TVOS 18.4, and VisionOS 2.4
Some of the weaknesses (CVE-2025-24132 and CVE-2025-30422) have also been patched to the AirPlay Audio SDK 2.7.1, AirPlay Video SDK 3.6.0.126, and Carplay communication plugin R18.1.
“For organizations, it’s essential that the company’s Apple devices and other machines that support airplay are updated immediately to the latest software version,” Oligo said.
“Security leaders need to provide employees with clear communication that all personal devices that support AirPlay also need to be updated immediately.”
Source link
