
Oligo Researchers Warn of Critical "AirBorne" Security Vulnerabilities in Apple's AirPlay Ecosystem



A trio of researchers from Oligo Security Research have warned of a zero-click remote code execution (RCE) vulnerability in Apple's AirPlay protocol; while the company has patched the hole in its own products, third-party devices may still be at risk.

"Oligo Security Research has discovered a new set of vulnerabilities in Apple's AirPlay Protocol and the AirPlay Software Development Kit (SDK), which is used by third-party vendors to integrate AirPlay into third-party devices," Oligo's Uri Katz, Avi Lumelsky, and Gal Elbaz explain in their findings. "These vulnerabilities can be chained by attackers to potentially take control of devices that support AirPlay – including both Apple devices and third-party devices that leverage the AirPlay SDK."

Oligo researchers have discovered serious vulnerabilities in Apple's AirPlay ecosystem, the worst of which allow for interaction-free remote code execution. (📹: Oligo)

Two of the discovered vulnerabilities, CVE-2025-24252 and CVE-2025-24132, are of the highest concern: "[these] allow attackers to weaponize wormable zero-click RCE exploits," the team explains. "This means that an attacker can take over certain AirPlay-enabled devices and do things like deploy malware that spreads to devices on any local network the infected device connects to. This could lead to the delivery of other sophisticated attacks related to espionage, ransomware, supply-chain attacks, and more."

Oligo disclosed its findings, a total of 23 vulnerabilities that led to 17 CVEs being assigned, privately to Apple, with impacts ranging from arbitrary file access and sensitive information disclosure to man-in-the-middle and denial-of-service attacks. It is the remote code execution vulnerabilities that are of greatest concern, though, especially if chained with a user-interaction bypass vulnerability also discovered by the team, which would allow an attacker to execute arbitrary code on a target AirPlay-compatible device entirely silently.

While Apple has patched its own software, third-party AirPlay devices should be considered at risk until their manufacturers release an update. (📹: Oligo)

Apple has confirmed the vulnerabilities and released updates for its own products, but these do not protect users of third-party AirPlay-compatible devices built using the vulnerable version of Apple's software development kit. Oligo advises that users update their devices if an update is available, disable AirPlay receivers when they are not in use, block AirPlay communication at the firewall, and set the AirPlay receiver so it is only accessible to the currently logged-in user. "While this doesn't prevent all the issues mentioned in the report," the team admits, "it does reduce the protocol's attack surface."
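Before you can update or firewall third-party receivers you need to know which ones are on the network. AirPlay receivers advertise themselves over multicast DNS (Bonjour) as `_airplay._tcp.local.` and `_raop._tcp.local.` service instances, so an inventory can be taken by sending one mDNS query and parsing the PTR/SRV/TXT/A records that come back. The script below is an added example, written for this article and not part of Oligo's report or tooling: it builds the query, parses a response (including DNS name compression), and returns each receiver's host, address, port and TXT metadata. The sample response is constructed inline for testing; the device name, MAC, model string and IP in it are made up, and the receiver port 7000 and the TXT keys are typical values rather than anything the article states.

```python
"""Inventory AirPlay receivers advertised over mDNS (added example, not Oligo's code)."""
import socket
import struct

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353
AIRPLAY_SERVICES = ("_airplay._tcp.local.", "_raop._tcp.local.")
TYPE_A, TYPE_PTR, TYPE_TXT, TYPE_SRV = 1, 12, 16, 33


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(services=AIRPLAY_SERVICES):
    """One mDNS query asking for the PTR records of each AirPlay service type."""
    header = struct.pack("!6H", 0, 0, len(services), 0, 0, 0)
    return header + b"".join(encode_name(s) + struct.pack("!HH", TYPE_PTR, 1) for s in services)


def decode_name(data, offset):
    """Decode a possibly-compressed DNS name; returns (name, offset after the name)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer: follow it, remember where we left off
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels) + ".", (end if jumped else offset)


def parse_response(data):
    """Map each AirPlay service instance to its port, host name, IPv4 address and TXT keys."""
    qd, an, ns, ar = struct.unpack("!4H", data[4:12])
    offset = 12
    for _ in range(qd):  # skip any echoed questions
        _, offset = decode_name(data, offset)
        offset += 4
    instances, srv, txts, addrs = {}, {}, {}, {}
    for _ in range(an + ns + ar):
        name, offset = decode_name(data, offset)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        if rtype == TYPE_PTR and name in AIRPLAY_SERVICES:
            instances[decode_name(data, offset)[0]] = name
        elif rtype == TYPE_SRV:
            port = struct.unpack("!HHH", rdata[:6])[2]
            srv[name] = (port, decode_name(data, offset + 6)[0])
        elif rtype == TYPE_TXT:
            kv, pos = {}, 0
            while pos < len(rdata):
                n = rdata[pos]
                key, _, val = rdata[pos + 1:pos + 1 + n].decode("ascii", "replace").partition("=")
                kv[key], pos = val, pos + 1 + n
            txts[name] = kv
        elif rtype == TYPE_A and rdlen == 4:
            addrs[name] = socket.inet_ntoa(rdata)
        offset += rdlen
    result = {}
    for inst, service in instances.items():
        port, host = srv.get(inst, (None, None))
        result[inst] = {"service": service, "port": port, "host": host,
                        "addr": addrs.get(host), "txt": txts.get(inst, {})}
    return result


def build_sample_response():
    """Constructed mDNS response for one fictitious receiver (sample data, not a capture)."""
    pkt = bytearray(struct.pack("!6H", 0, 0x8400, 0, 1, 0, 3))
    svc_off = len(pkt)
    pkt += encode_name("_airplay._tcp.local.")
    inst_rdata = b"\x0eLiving Room TV" + struct.pack("!H", 0xC000 | svc_off)  # pointer back to service name
    pkt += struct.pack("!HHIH", TYPE_PTR, 0x8001, 4500, len(inst_rdata))
    inst_ptr = struct.pack("!H", 0xC000 | len(pkt))
    pkt += inst_rdata
    srv_rdata = struct.pack("!HHH", 0, 0, 7000) + encode_name("Living-Room-TV.local.")
    pkt += inst_ptr + struct.pack("!HHIH", TYPE_SRV, 0x8001, 120, len(srv_rdata))
    host_off = len(pkt) + 6  # target name sits after priority/weight/port
    pkt += srv_rdata
    txt_rdata = b"".join(bytes([len(s)]) + s for s in
                         (b"deviceid=AA:BB:CC:DD:EE:FF", b"model=ExampleSpeaker1,1", b"srcvers=366.0"))
    pkt += inst_ptr + struct.pack("!HHIH", TYPE_TXT, 0x8001, 4500, len(txt_rdata)) + txt_rdata
    pkt += struct.pack("!H", 0xC000 | host_off) + struct.pack("!HHIH", TYPE_A, 0x8001, 120, 4)
    pkt += socket.inet_aton("192.168.1.50")
    return bytes(pkt)


def discover(timeout=2.0):
    """Live scan: a query from a non-5353 source port gets unicast replies (RFC 6762 §6.7)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
    sock.settimeout(timeout)
    found = {}
    try:
        sock.sendto(build_query(), (MDNS_GROUP, MDNS_PORT))
        while True:
            data, (src, _) = sock.recvfrom(9000)
            for inst, info in parse_response(data).items():
                info["addr"] = info["addr"] or src
                found[inst] = info
    except socket.timeout:
        pass
    finally:
        sock.close()
    return found


if __name__ == "__main__":
    for inst, info in discover().items():
        print(f"{inst}\t{info['addr']}:{info['port']}\t{info['txt'].get('model', '?')}")
```

Run it on the segment where the receivers live (mDNS does not cross routers), then compare each `model`/`srcvers` against the vendor's patched firmware and add firewall rules for the hosts that cannot be updated. Anything that answers here is an AirPlay receiver that the report's third-party exposure applies to until its vendor ships a fix.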

More information is available on the Oligo blog.
