AirBorne Isn’t Just a Fancy Word: Here’s Why You Might Already Be Owned
Critical AirPlay Vulnerabilities Expose Apple and Third-Party Devices to Zero-Click Attacks
A newly discovered set of vulnerabilities, collectively dubbed AirBorne, has exposed billions of Apple and third-party devices to significant security risks. Uncovered by cybersecurity firm Oligo Security, these flaws reside in Apple's AirPlay protocol and its Software Development Kit (SDK), which is widely used in devices like smart TVs, speakers, and CarPlay systems. The vulnerabilities enable attackers on the same Wi-Fi network to execute zero-click remote code execution (RCE) attacks, potentially leading to unauthorized device control, malware deployment, and espionage activities. (Techzine Global, Cyber Security News)
Key Vulnerabilities Identified
CVE-2025-24252: A use-after-free vulnerability in macOS's AirPlay implementation.
CVE-2025-24206: An authentication bypass flaw.
CVE-2025-24132: A stack-based buffer overflow in the AirPlay SDK affecting third-party devices.
CVE-2025-24271: An access control list (ACL) bypass vulnerability. (Cyber Security News, Oligo Security)
These vulnerabilities can be chained together to allow attackers to hijack devices without any user interaction, especially when AirPlay settings are configured to allow connections from "Anyone on the same network." (beyondidentity.com)
Devices at Risk
The AirBorne vulnerabilities affect a wide range of devices, including: (WIRED)
Apple products: iPhones, iPads, MacBooks, Apple TVs, and Vision Pro headsets.
Third-party devices: Smart TVs, speakers, and CarPlay systems that utilize the AirPlay SDK. (Field Effect, WIRED)
Oligo Security estimates that over 2.35 billion Apple devices and tens of millions of third-party devices are potentially vulnerable. (Cyber Security News)
Potential Impacts
Exploitation of these vulnerabilities could lead to: (WIRED)
Unauthorized remote control of devices.
Deployment of malware across networks.
Eavesdropping through devices with microphones.
Denial-of-service (DoS) attacks.
Man-in-the-middle (MITM) attacks. (Secure-ISS, The Verge, Oligo Security)
The "wormable" nature of some vulnerabilities means that malware could spread automatically from one compromised device to others on the same network. (Techzine Global)
Mitigation Measures
For Apple Devices:
Apple has released patches addressing these vulnerabilities in the following updates: (beyondidentity.com)
iOS 18.4 and iPadOS 18.4
macOS Ventura 13.7.5, Sonoma 14.7.5, and Sequoia 15.4
tvOS 18.4
visionOS 2.4 (Techzine Global, Secure-ISS, runZero)
Users are strongly advised to update their devices to these versions promptly.
For Third-Party Devices:
While Apple has provided patches for the AirPlay SDK, the responsibility for deploying these updates lies with the respective device manufacturers. Users should: (Techzine Global)
Check with device manufacturers for available firmware updates.
Restrict AirPlay access to trusted devices or disable it when not in use.
Avoid connecting to unsecured or public Wi-Fi networks. (Techzine Global, WIRED)
For Organizations:
Enterprises should:
Implement network segmentation to isolate vulnerable devices.
Enforce strict access controls and monitoring.
Educate employees about the risks associated with using AirPlay on unsecured networks.
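As an added example (not from the original article, Apple, or Oligo Security), the Python script below triages an asset inventory against the fixed releases listed under "For Apple Devices". The inventory rows, host names and status labels are constructed for illustration, and it assumes any major release newer than the listed ones already contains the fixes.

```python
# Added example: flag hosts that are below the fixed releases listed above.
# Fixed releases come from the article; inventory rows are constructed.
FIXED = {
    "ios": {18: (18, 4)}, "ipados": {18: (18, 4)}, "tvos": {18: (18, 4)},
    "visionos": {2: (2, 4)},
    # macOS has three patched branches, keyed by major version.
    "macos": {13: (13, 7, 5), 14: (14, 7, 5), 15: (15, 4)},
}

INVENTORY = [  # constructed sample rows: (host, os, version)
    ("mbp-finance-01", "macOS", "14.7.4"),
    ("mbp-eng-07", "macOS", "15.4"),
    ("imac-lobby", "macOS", "12.7.6"),
    ("iphone-ceo", "iOS", "18.3.2"),
    ("atv-boardroom", "tvOS", "18.4"),
    ("speaker-cafe", "vendor-firmware", "2.1.0"),
]

def pad(v, n=3):
    """Right-pad a version tuple with zeros so (15, 4) compares as (15, 4, 0)."""
    return tuple(v) + (0,) * max(0, n - len(v))

def airborne_status(os_name, version):
    """Return patched / update / no-fix-listed / check-vendor / unknown."""
    branches = FIXED.get(os_name.lower())
    if branches is None:
        return "check-vendor"  # third-party SDK device: fix ships in vendor firmware
    try:
        v = tuple(int(p) for p in version.strip().split("."))
    except ValueError:
        return "unknown"  # missing or non-numeric version: cannot confirm patch level
    if v[0] > max(branches):
        return "patched"  # assumption: later major releases include the fixes
    if v[0] not in branches:
        return "no-fix-listed"  # e.g. macOS 12: the article lists no fixed release
    # Numeric tuple comparison, so 15.10 correctly sorts above 15.4.
    return "patched" if pad(v) >= pad(branches[v[0]]) else "update"

def triage(rows):
    """Map host -> status, keeping only hosts that still need action."""
    statuses = {host: airborne_status(os_name, ver) for host, os_name, ver in rows}
    return {host: s for host, s in statuses.items() if s != "patched"}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as no-fix-listed or check-vendor are the candidates for the segmentation and AirPlay restrictions described above until a fixed release or firmware is confirmed.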
Conclusion
The AirBorne vulnerabilities highlight the importance of regular software updates and vigilant network security practices. Given the widespread use of AirPlay across various devices, both consumers and organizations must take immediate action to mitigate potential risks. (TechRepublic, beyondidentity.com)
For a visual demonstration of the AirBorne exploit, you can watch the following video:
AirBorne: Exploiting Apple's AirPlay Zero-Day Vulnerabilities