International
Oligo Security discovered 23 vulnerabilities in Apple’s AirPlay protocol and SDK, 17 of which received official CVEs. Named AirBorne, these flaws allow attacks such as remote code execution (RCE), data leaks, and denial of service. Affected devices include Apple’s Mac, iPhone, iPad, Apple TV, CarPlay systems, and third-party AirPlay-enabled products. Some attacks require no user interaction, especially when devices use default or insecure settings.
Two key vulnerabilities, CVE-2025-24252 and CVE-2025-24132, allow wormable zero-click RCEs, letting malware spread between devices on the same network. Attackers could use compromised devices to display media, spy through microphones, or infiltrate corporate systems via public Wi-Fi.
Apple worked with Oligo to patch these flaws, issuing updates across platforms. The issues stem from insecure handling of plist data sent over AirPlay’s port 7000, using a mix of HTTP and RTSP. Oligo discovered the flaws while investigating network activity and found many unsafe default configurations
Advertisment
