A newly disclosed AirPlay vulnerability, also referred to as the AirBorne vulnerability, in Apple’s AirPlay protocol and software development kit (SDK) exposes billions of devices—including iPhones, iPads, Macs, Apple TVs, smart speakers, and even CarPlay-enabled infotainment systems—to serious security risks. Discovered by researchers at Oligo Security, these flaws enable a range of cyberattacks, from remote code execution (RCE) and data theft to full-scale surveillance.
What Is the AirPlay Vulnerability?
Oligo Security uncovered 23 vulnerabilities, collectively named “AirBorne”, with 17 receiving official CVE identifiers, that impact both Apple devices and third-party products built with the AirPlay SDK. Among the most critical are CVE-2025-24252 and CVE-2025-24132, which allow for “wormable” zero-click remote code execution, meaning an attacker can compromise a device without user interaction and then use it to infect others on the same network.
These flaws, categorized under the broader AirBorne vulnerability, present one of the most significant threats to wireless connectivity in Apple’s ecosystem to date.
How the AirPlay Vulnerability Can Be Exploited
The AirPlay vulnerability opens the door to a variety of sophisticated attacks:
- Zero-click and one-click remote code execution (RCE)
- Bypassing access controls and user prompts
- Reading arbitrary files
- Leaking sensitive information
- Launching man-in-the-middle (MITM) attacks
- Triggering denial of service (DoS)
- Distributing malware through network lateral movement
Devices with microphones could also be exploited to eavesdrop on conversations, effectively turning common electronics into surveillance tools.
Who Is Affected?
Apple has already released patches covering the latest versions of iOS, iPadOS, macOS, tvOS, and visionOS. However, millions of third-party devices remain unpatched unless their respective manufacturers act quickly. These include smart TVs, wireless speakers, and cars with CarPlay integration.
While attackers need to be on the same local Wi-Fi network or connected via Bluetooth or USB to exploit the vulnerability, once one device is compromised, it can serve as a launchpad for lateral attacks on the rest of the network.
The AirBorne vulnerability significantly expands the attack surface, especially in smart home or corporate environments where multiple AirPlay-enabled devices coexist on the same network.
How to Stay Protected
Both Apple and Oligo Security recommend immediate action:
- Update all Apple devices to the latest firmware versions.
- Apply security patches to third-party devices as soon as they are available.
- Disable AirPlay receivers when not in active use.
- Use firewalls to restrict AirPlay to trusted devices only.
- Limit AirPlay access to the logged-in user on shared systems.
These mitigation strategies help reduce the attack surface, but complete protection relies on third-party vendors issuing timely updates—a step that often lags behind vulnerabilities of this scale.
A Wake-Up Call for Wireless Protocol Security
The AirPlay vulnerability, as exemplified by the AirBorne flaw cluster, highlights the systemic risks of ubiquitous wireless protocols like AirPlay. With billions of devices potentially affected and attack methods that require minimal effort, this incident is a stark reminder of how crucial software updates and network hygiene are for both individuals and organizations.
