Billions of Apple devices at risk of attack due to AirPlay security flaw
Israeli security firm Oligo Security has announced a significant discovery: a set of 23 serious security vulnerabilities, collectively named "AirBorne", in Apple's AirPlay system, which could affect billions of devices such as the iPhone, MacBook and CarPlay systems.
AirPlay is Apple's wireless streaming protocol. It allows users to stream content from Apple devices such as an iPhone, iPad or MacBook to other AirPlay-enabled devices, such as an Apple TV, a smart TV or AirPlay-enabled speakers.
These vulnerabilities affect the AirPlay Software Development Kit (SDK), a toolkit Apple provides to hardware development partners, and could be exploited by attackers on the same Wi-Fi network to take control of devices without any user interaction.

Apple quickly released patches for its own devices and provided fixes to third-party manufacturers, but not all devices were updated in a timely manner, leaving millions of AirPlay devices, including in-car entertainment systems that use CarPlay, at risk.
The 23 vulnerabilities have been assigned 17 Common Vulnerabilities and Exposures (CVE) identifiers and can enable a wide range of dangerous attacks, ranging from zero-click remote code execution (RCE) and local arbitrary file read to theft of personal data, spoofing and eavesdropping on network communications. Attackers can even chain these vulnerabilities together to take complete control of the victim's device.
Notably, two of the most serious vulnerabilities, CVE-2025-24252 and CVE-2025-24132, can be exploited to create “wormable” attacks, in which malicious code automatically spreads across the network, increasing the risk of espionage and extortion.
In a real-world test, Oligo Security successfully demonstrated a Zero-Click RCE attack on macOS via CVE-2025-24252 under specific network conditions.
Another vulnerability, CVE-2025-24271, allows code execution with a single click (one-click RCE). Devices that use the AirPlay SDK, including smart speakers and AV receivers, are also vulnerable to zero-click RCE (CVE-2025-24132), which would allow attackers to eavesdrop on audio transmitted over the network.
CarPlay, Apple's in-car entertainment and infotainment system, is also at risk. According to Oligo Security, exploiting RCE vulnerabilities in CarPlay could distract a driver or facilitate tracking of the vehicle's movements.
Attackers could even impersonate an AirPlay device on the network to intercept and record streamed content. One scenario Oligo Security describes is an exploited TV being used to record a conference call streamed to it over AirPlay.
Oligo Security's detailed technical report, published on April 29, 2025, calls on users and businesses to quickly update the software for all AirPlay-enabled devices, including Apple and third-party ones.
Additionally, the company recommends that users turn off AirPlay when it is not in use and restrict access to AirPlay receivers within the local network to minimize the risk of attack.
Experts warn of lingering threat and offer advice to users
Speaking to Hackread.com, Karolis Arbaciauskas, a cybersecurity expert at technology company Nord Security (Lithuania), warned that the threat from the AirBorne vulnerabilities could persist for a long time, especially on AirPlay devices manufactured by third parties.
“Unlike genuine Apple devices that receive security updates quickly, many third-party products often do not receive timely patches, or are even abandoned by the manufacturer. This allows vulnerabilities to exist silently for a long time,” said Karolis Arbaciauskas.
Arbaciauskas also noted that to exploit these vulnerabilities, an attacker would need access to the same Wi-Fi network as the victim, so securing the Wi-Fi router is key.
“Keep your router’s firmware up to date and use a strong password to keep out bad guys,” he recommends. “Default passwords from manufacturers are often weak and easy to crack. Users should change them as soon as they set up the device.”
He also offers specific advice on how to create strong passwords: “An effective password should be at least eight characters long, including letters, numbers, and special symbols. If remembering too many passwords is a challenge, you should use a password manager to simplify things.”
Finally, Arbaciauskas stresses that users should avoid using AirPlay on public Wi-Fi networks, which are notoriously insecure. “If you must share content wirelessly, use a private hotspot from your phone or at least stay away from open Wi-Fi networks, and use a VPN for added security.”