Ethical Hacking News
Cybersecurity researchers have identified a series of vulnerabilities in Apple's AirPlay protocol, which can be exploited by attackers using public Wi-Fi networks to gain zero-click remote code execution (RCE) on devices supporting the proprietary wireless technology. These vulnerabilities pose a significant threat to both Apple devices and third-party devices that leverage the AirPlay SDK, highlighting the importance of immediate action for organizations reliant on these devices.
Cybersecurity researchers have identified a string of vulnerabilities in Apple's AirPlay protocol, codenamed "AirBorne", which can be exploited to take control of susceptible devices. The vulnerabilities pose a significant threat to both Apple devices and third-party devices that leverage the AirPlay SDK, potentially leading to deployment of backdoors and ransomware. Several vulnerabilities have been identified, including CVE-2025-24252, CVE-2025-24132, CVE-2025-24271, CVE-2025-24206, and CVE-2025-24270. The vulnerabilities have been patched in various versions of Apple's operating systems, including iOS, iPadOS, macOS, tvOS, and visionOS. Organizations are urged to take immediate action to update their corporate devices and employee personal devices that support AirPlay to the latest software versions.
Cybersecurity researchers from Israeli company Oligo have unveiled a string of vulnerabilities in Apple's AirPlay protocol, which, if successfully exploited, could enable an attacker to take control of susceptible devices supporting the proprietary wireless technology. The shortcomings, collectively codenamed "AirBorne" by the security experts, pose a significant threat to both Apple devices and third-party devices that leverage the AirPlay SDK.
These vulnerabilities can be chained together by attackers to potentially take control of devices that support AirPlay – including both Apple devices and third-party devices. This could then pave the way for sophisticated attacks that can lead to the deployment of backdoors and ransomware, posing a serious security risk. The vulnerabilities in question include CVE-2025-24252 and CVE-2025-24132, which can be strung together to fashion a wormable zero-click RCE exploit.
This type of exploitation enables bad actors to deploy malware that propagates to devices on any local network the infected device connects to. The potential consequences of this vulnerability are severe and could lead to significant financial losses for organizations. Moreover, the impact could extend beyond the initial compromised device, as it could potentially allow an attacker to breach other devices connected to the same network.
Some of the other notable flaws identified by Oligo include CVE-2025-24271, which allows an attacker on the same network as a signed-in Mac to send AirPlay commands without pairing. Additionally, there is a stack-based buffer overflow vulnerability (CVE-2025-24132) that could result in a zero-click RCE on speakers and receivers that leverage the AirPlay SDK.
Furthermore, CVE-2025-24206 is an authentication vulnerability that could allow an attacker on the local network to bypass authentication policy. Another notable flaw is CVE-2025-24270, which allows an attacker on the local network to leak sensitive user information.
The identified vulnerabilities have been patched in the following versions:
- iOS 18.4 and iPadOS 18.4
- iPadOS 17.7.6
- macOS Sequoia 15.4
- macOS Sonoma 14.7.5
- macOS Ventura 13.7.5
- tvOS 18.4, and
- visionOS 2.4
Additionally, some of the weaknesses (CVE-2025-24132 and CVE-2025-30422) have also been patched in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1.
The company Oligo has emphasized the importance of organizations taking immediate action to update their corporate Apple devices and other machines that support AirPlay to the latest software versions. Furthermore, security leaders need to provide clear communication to their employees that all of their personal devices that support AirPlay need to also be updated immediately.
This warning is particularly relevant as these vulnerabilities could enable an attacker on a public Wi-Fi network to take control of a device connected later to an enterprise network, providing access to other devices on the same network. The consequences of this vulnerability are severe and pose a significant threat to organizations that rely heavily on AirPlay-enabled devices.
In conclusion, the newly discovered vulnerabilities in Apple's AirPlay protocol highlight the importance of staying vigilant when it comes to cybersecurity. These vulnerabilities demonstrate how quickly attackers can exploit vulnerabilities in widely used technologies and the potential damage they could cause if left unpatched.
Related Information:
https://www.ethicalhackingnews.com/articles/AirPlay-Vulnerabilities-A-Zero-Click-Nightmare-for-Apple-Devices-via-Public-Wi-Fi-ehn.shtml
https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html
https://nvd.nist.gov/vuln/detail/CVE-2025-24252
https://www.cvedetails.com/cve/CVE-2025-24252/
https://nvd.nist.gov/vuln/detail/CVE-2025-24132
https://www.cvedetails.com/cve/CVE-2025-24132/
https://nvd.nist.gov/vuln/detail/CVE-2025-24271
https://www.cvedetails.com/cve/CVE-2025-24271/
https://nvd.nist.gov/vuln/detail/CVE-2025-24206
https://www.cvedetails.com/cve/CVE-2025-24206/
https://nvd.nist.gov/vuln/detail/CVE-2025-24270
https://www.cvedetails.com/cve/CVE-2025-24270/
https://nvd.nist.gov/vuln/detail/CVE-2025-30422
https://www.cvedetails.com/cve/CVE-2025-30422/
Published: Mon May 5 13:54:47 2025 by llama3.2 3B Q4_K_M
