A set of safety vulnerabilities in Apple’s AirPlay Protocol and AirPlay Software program Growth Equipment (SDK) uncovered unpatched third-party and Apple gadgets to varied assaults, together with distant code execution.
In keeping with cybersecurity firm Oligo Safety safety researchers who found and reported the issues, they are often exploited in zero-click and one-click RCE assaults, man-in-the-middle (MITM) assaults, and denial of service (DoS) assaults, in addition to to bypass entry management record (ACL) and person interplay, to realize entry to delicate info, and browse arbitrary native information.
In all, Oligo disclosed 23 safety vulnerabilities to Apple, which launched safety updates to deal with these vulnerabilities (collectively referred to as “AirBorne”) on March 31 for iPhones and iPads (iOS 18.4 and iPadOS 18.4), Macs (macOS Ventura 13.7.5, macOS Sonoma 14.7.5, and macOS Sequoia 15.4), and Apple Imaginative and prescient Professional (visionOS 2.4) gadgets.
The corporate additionally patched the AirPlay audio SDK, the AirPlay video SDK, and the CarPlay Communication Plug-in.
Whereas the AirBorne vulnerabilities can solely be exploited by attackers on the identical community by way of wi-fi networks or peer-to-peer connections, they permit taking on susceptible gadgets and utilizing the entry as a launchpad to compromise different AirPlay-enabled gadgets on the identical community.
Oligo’s safety researchers mentioned they had been capable of exhibit that attackers can use two of the safety flaws (CVE-2025-24252 and CVE-2025-24132) to create wormable zero-click RCE exploits.
Moreover, the CVE-2025-24206 person interplay bypass flaw allows a risk actor to bypass “Settle for” click on necessities on AirPlay requests and might be chained with different flaws to launch zero-click assaults.
“Which means an attacker can take over sure AirPlay-enabled gadgets and do issues like deploy malware that spreads to gadgets on any native community the contaminated gadget connects to. This might result in the supply of different refined assaults associated to espionage, ransomware, supply-chain assaults, and extra,” Oligo warned.
“As a result of AirPlay is a elementary piece of software program for Apple gadgets (Mac, iPhone, iPad, AppleTV, and so on.) in addition to third-party gadgets that leverage the AirPlay SDK, this class of vulnerabilities may have far-reaching impacts.”
The cybersecurity firm advises organizations to right away replace any company Apple gadgets and AirPlay-enabled gadgets to the newest software program launch and ask workers to additionally replace all their private AirPlay gadgets.
Further measures customers can take to cut back the assault floor embrace updating all their Apple gadgets to the newest model, disabling the AirPlay receiver if not used, proscribing AirPlay entry to trusted gadgets utilizing firewall guidelines, and decreasing the assault floor by solely permitting AirPlay for the present person.
Apple says that there are over 2.35 billion lively Apple gadgets all over the world (together with iPhones, iPads, Macs, and others), and Oligo estimates that there are additionally tens of tens of millions of third-party audio gadgets like audio system and TVs with AirPlay assist, not together with automotive infotainment techniques with CarPlay assist.
