Security researchers have discovered AirPlay flaws that could lead to a complete Apple device takeover.
Users of third-party Apple products should be aware of a raft of newly revealed vulnerabilities in Apple’s AirPlay Protocol and AirPlay Software Development Kit.
Oligo Security Research revealed the new vulnerabilities – a total of 23 bugs that led to the issue of 17 unique CVEs – in a 29 April blog post, warning that if chained together, they could lead to remote code execution and a complete device takeover.
The flaws as a whole have been dubbed AirBorne by Oligo’s team, as they can be taken advantage of via wireless or peer-to-peer connections.
“Oligo has demonstrated that two of the vulnerabilities (CVE-2025-24252 and CVE-2025-24132) allow attackers to weaponise wormable zero-click RCE exploits,” Oligo said.
“This means that an attacker can take over certain AirPlay-enabled devices and do things like deploy malware that spreads to devices on any local network the infected device connects to. This could lead to the delivery of other sophisticated attacks related to espionage, ransomware, supply-chain attacks, and more.”
The AirBorne vulnerabilities affect many Apple devices, from iPhones with AirPlay enabled to Apple TV, macOS, Vision Pro, and even the CarPlay operating system.
Apple has released updated versions of the impacted software, but according to Karolis Arbaciauskas, head of business product at NordPass, the main concern around these vulnerabilities is that not all companies are as diligent in addressing vital updates as Apple.
“There are tens of millions of third-party AirPlay-enabled devices, and not all companies update their products as diligently as Apple,” Arbaciauskas said.
“A worrying number of electronic devices ship with terrible default passwords straight from the factory, so it’s always a good idea to check and change them. Ensure your password is as random as possible, at least eight characters long, and includes a mix of random numbers and symbols. Remembering strong passwords can be challenging, but tools like password managers can safely generate, store, and share your Wi-Fi password with friends and family.
“If you own such a third-party AirPlay-enabled device, the vulnerability might still exist. However, to exploit it, an attacker would first need to gain access to your home or office Wi-Fi network. Therefore, updating your router and using a strong password should keep you safe.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.