Critical AirPlay Vulnerabilities Allow Remote Code Execution, Data Theft, and DoS

May 6, 2025 | News





AirBorne: New AirPlay Vulnerabilities Could Have Enabled Remote Takeovers

Security researchers have uncovered a series of high-severity flaws in Apple’s AirPlay protocol, potentially allowing attackers to remotely control and compromise AirPlay-enabled devices. The flaws, now patched, were codenamed “AirBorne” by Israeli cybersecurity firm Oligo Security.

These vulnerabilities affected both Apple hardware and third-party devices using the AirPlay SDK, posing a serious threat to user privacy and enterprise networks.


Zero-Click, Wormable Attacks via Public Networks

Among the most dangerous issues were CVE-2025-24252 and CVE-2025-24132, which could be chained to execute a zero-click remote code execution (RCE) attack—no user interaction required.

If exploited, the vulnerabilities would allow malware to self-propagate across any local network an infected device connects to, including public Wi-Fi or corporate environments, potentially acting as an entry point for ransomware or backdoor installation.


Full Range of Exploits: RCE, ACL Bypass, DoS, and More

The flaws allow attackers on the same network to:

  • Execute remote code (zero- or one-click)

  • Bypass authentication and access control lists (ACLs)

  • Read sensitive files

  • Crash applications

  • Conduct adversary-in-the-middle (AitM) attacks

  • Leak user data

  • Cause denial-of-service (DoS) conditions

For instance, chaining CVE-2025-24252 with CVE-2025-24206 enables zero-click RCE on macOS devices configured to accept AirPlay from “Anyone on the same network” or “Everyone.”


Real-World Threat: From Public Wi-Fi to Corporate Breach

In a hypothetical but plausible attack scenario, an Apple device compromised on a public Wi-Fi network could serve as a pivot point. Once the same device connects to a corporate network, attackers could use it to breach other systems within that environment.

This kind of attack is particularly concerning for remote workers or employees using personal devices that haven’t been patched.


List of Key CVEs and Impacts

Oligo disclosed several notable vulnerabilities, including:

  • CVE-2025-24271 – ACL bypass on signed-in Macs

  • CVE-2025-24132 – Stack buffer overflow enabling zero-click RCE on AirPlay receivers

  • CVE-2025-24206 – Authentication bypass

  • CVE-2025-24270 – User info leakage

  • CVE-2025-30445, CVE-2025-31203, CVE-2025-31197, CVE-2025-24251, CVE-2025-24137 – Application crashes or DoS via local network interaction

 




Apple’s Response and Patched Versions

Apple has addressed the flaws in a coordinated disclosure process, releasing updates for the following systems:

  • iOS 18.4 and iPadOS 18.4

  • iPadOS 17.7.6

  • macOS Sequoia 15.4, Sonoma 14.7.5, Ventura 13.7.5

  • tvOS 18.4

  • visionOS 2.4

SDK-level patches include:

  • AirPlay audio SDK 2.7.1

  • AirPlay video SDK 3.6.0.126

  • CarPlay Communication Plug-in R18.1
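For fleet triage, the OS versions listed above can be turned into a per-branch patch check. The script below is an added example, not code from Oligo or Apple; the inventory format, host names and status labels are assumptions, and it does not cover the SDK versions, since third-party AirPlay devices report vendor firmware versions rather than SDK versions.

```python
import csv
import io

# Fixed releases per OS branch, copied from the list above (major -> first fixed version).
PATCHED = {
    "iOS": {18: (18, 4, 0)},
    "iPadOS": {17: (17, 7, 6), 18: (18, 4, 0)},
    "macOS": {13: (13, 7, 5), 14: (14, 7, 5), 15: (15, 4, 0)},
    "tvOS": {18: (18, 4, 0)},
    "visionOS": {2: (2, 4, 0)},
}

def parse_version(text):
    """'15.4' -> (15, 4, 0); pads to three fields so tuples compare correctly."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def airborne_status(os_name, version):
    branches = PATCHED.get(os_name)
    if branches is None:
        return "unknown-os"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    if v[0] > max(branches):
        return "patched"  # assumption: later major releases carry the fix
    fixed = branches.get(v[0])
    if fixed is None:
        return "no-fix-listed"  # older branch with no update in the list above
    return "patched" if v >= fixed else "vulnerable"

def audit(inventory_csv):
    """Return (host, os, version, status) for every device that is not patched."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    checked = [(r["host"], r["os"], r["version"], airborne_status(r["os"], r["version"])) for r in rows]
    return [c for c in checked if c[3] != "patched"]

# Constructed sample inventory (hypothetical hosts), e.g. an MDM export.
SAMPLE = """host,os,version
mac-finance-01,macOS,15.3.2
mac-dev-07,macOS,14.7.5
ipad-lobby,iPadOS,17.7.5
iphone-byod-3,iOS,17.6.1
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Devices reported as "no-fix-listed" run a branch for which the list above names no update, so they need an OS upgrade or a restricted AirPlay receiver setting rather than a point release.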


Security Experts Urge Immediate Updates

Oligo emphasized the urgency of patching, especially for enterprises:

“It is imperative that any corporate Apple devices and other machines that support AirPlay are updated immediately,” said the researchers. “Security leaders should also instruct employees to update all personal AirPlay-capable devices.”

The combination of RCE, network propagation, and zero-click attack vectors marks AirBorne as one of the most dangerous Apple ecosystem flaws disclosed to date.


Source: thehackernews.com
