Cybersecurity researchers have disclosed a sequence of now-patched safety vulnerabilities in Apple’s AirPlay protocol that, if efficiently exploited, might allow an attacker to take over prone units supporting the proprietary wi-fi expertise.
The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity firm Oligo.
“These vulnerabilities may be chained by attackers to doubtlessly take management of units that assist AirPlay – together with each Apple units and third-party units that leverage the AirPlay SDK,” safety researchers Uri Katz, Avi Lumelsky, and Gal Elbaz said.
Among the vulnerabilities, like CVE-2025-24252 and CVE-2025-24132, may be strung collectively to style a wormable zero-click RCE exploit, enabling dangerous actors to deploy malware that propagates to units on any native community the contaminated machine connects to.
This might then pave the way in which for stylish assaults that may result in the deployment of backdoors and ransomware, posing a severe safety danger.
The vulnerabilities, in a nutshell, might allow zero- or one-click distant code execution (RCE), entry management listing (ACL) and person interplay bypass, native arbitrary file learn, info disclosure, adversary-in-the-middle (AitM) assaults, and denial-of-service (DoS).
This consists of chaining CVE-2025-24252 and CVE-2025-24206 to realize a zero-click RCE on macOS units which can be linked to the identical community as an attacker. Nevertheless, for this exploit to succeed, the AirPlay receiver must be on and set to the “Anybody on the identical community” or “Everybody” configuration.
In a hypothetical assault state of affairs, a sufferer’s machine might get compromised when linked to a public Wi-Fi community. Ought to the machine be linked later to an enterprise community, it might present an attacker with a technique to breach different units which can be linked to the identical community.
Among the different notable flaws are listed under –
- CVE-2025-24271 – An ACL vulnerability that may allow an attacker on the identical community as a signed-in Mac to ship AirPlay instructions to it with out pairing
- CVE-2025-24137 – A vulnerability that might trigger arbitrary code execution or an software to terminate
- CVE-2025-24132 – A stack-based buffer overflow vulnerability that might end in a zero-click RCE on audio system and receivers that leverage the AirPlay SDK
- CVE-2025-24206 – An authentication vulnerability that might enable an attacker on the native community to bypass authentication coverage
- CVE-2025-24270 – A vulnerability that might enable an attacker on the native community to leak delicate person info
- CVE-2025-24251 – A vulnerability that might enable an attacker on the native community to trigger an surprising app termination
- CVE-2025-31197 – A vulnerability that might enable an attacker on the native community to trigger an surprising app termination
- CVE-2025-30445 – A kind confusion vulnerability that might might enable an attacker on the native community to trigger an surprising app termination
- CVE-2025-31203 – An integer overflow vulnerability that might enable an attacker on the native community to trigger a DoS situation
Following accountable disclosure, the recognized vulnerabilities have been patched within the under variations –
- iOS 18.4 and iPadOS 18.4
- iPadOS 17.7.6
- macOS Sequoia 15.4
- macOS Sonoma 14.7.5
- macOS Ventura 13.7.5
- tvOS 18.4, and
- visionOS 2.4
Among the weaknesses (CVE-2025-24132 and CVE-2025-30422) have additionally been patched in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1.
“For organizations, it’s crucial that any company Apple units and different machines that assist AirPlay are up to date instantly to the most recent software program variations,” Oligo stated.
“Safety leaders additionally want to offer clear communication to their staff that each one of their private units that assist AirPlay have to even be up to date instantly.”
Source link