Security researchers have discovered major vulnerabilities in Apple’s AirPlay protocol that may allow attackers to hijack devices without user interaction. The set of flaws, known as “AirBorne,” comprises 23 individual bugs, of which 17 have official CVEs, and enables zero-click remote code execution on susceptible systems.
Cybersecurity firm Oligo has identified multiple critical flaws in Apple’s native AirPlay protocol and the SDK employed by third-party devices. While Apple has patched its platforms, many products remain vulnerable due to slow OEM updates. Estimates suggest that tens of millions of devices—including speakers, TVs, and CarPlay systems—are still at risk.
The danger escalates as the vulnerabilities support “wormable” exploits, which spread automatically across devices on the same network. Some flaws allow attackers to take control of systems configured for AirPlay connections, potentially serving as gateways for broader network infiltration.
Key Points
- 23 vulnerabilities found in AirPlay, with 17 labelled as critical.
- Attackers can remotely execute code on devices without any user input.
- The risks extend to numerous third-party devices still depending on vulnerable SDKs.
- Exploits can spread between devices on the same network, posing significant threats.
- Apple has released patches, but many outdated third-party devices remain unprotected.
Why should I read this?
If you’ve got Apple devices, you’ll want to stay in the loop about these vulnerabilities. It’s not just about the tech—it’s your security at risk here! With millions of devices potentially affected, getting the full scoop on how to protect yourself is crucial. We’ve dug through the details, so you don’t have to—now go update your systems!