Billions of Apple devices at risk of attack by AirPlay security flaw
Israeli security firm Oligo Security has announced the discovery of a set of 23 serious security vulnerabilities, collectively called "AirBorne", in Apple's AirPlay system, which can affect billions of devices such as iPhone, MacBook and CarPlay.
AirPlay is Apple's wireless streaming protocol, which allows users to stream content from Apple devices such as iPhone, iPad or MacBook to other AirPlay-enabled devices such as Apple TV, smart TVs and AirPlay-enabled speakers.
These security vulnerabilities affect the AirPlay Software Development Kit (SDK), a toolkit provided by Apple to hardware development partners, and can be exploited by hackers to take control of devices on the same Wi-Fi network without user interaction.

Apple has been quick to release patches for its own devices and has also provided fixes to third-party manufacturers, but not all devices have been updated in a timely manner, leaving millions of AirPlay devices, including in-car entertainment systems that use CarPlay, at risk.
The 23 vulnerabilities have been assigned 17 Common Vulnerabilities and Exposures (CVE) identifiers and can lead to a wide range of dangerous attacks, from Zero-Click remote code execution (RCE) and Local Arbitrary File Read to personal data theft, spoofing and eavesdropping on network communications. Hackers can even combine these vulnerabilities to take complete control of the victim device.
Notably, two of the most serious vulnerabilities, CVE-2025-24252 and CVE-2025-24132, can be exploited to create “wormable” attacks, in which malicious code automatically spreads across the network, increasing the risk of espionage and extortion.
In a real-world test, Oligo Security successfully demonstrated a Zero-Click RCE attack on macOS via CVE-2025-24252 under specific network conditions.
Another vulnerability, identified as CVE-2025-24271, allows code execution with a single click (One-Click RCE). Devices that use the AirPlay SDK, including smart speakers and AV receivers, are also vulnerable to Zero-Click RCE (CVE-2025-24132), which allows attackers to eavesdrop on audio transmitted over the network.
CarPlay, which runs on cars' built-in entertainment systems, is also at risk. According to Oligo Security, exploiting RCE vulnerabilities in CarPlay could disrupt the driver's activities or facilitate tracking of the driver's movements.
Attackers can even impersonate AirPlay devices on the network to intercept and record streaming content. One scenario Oligo Security envisions is that an exploited TV could be impersonated and used to record an online meeting being streamed over AirPlay.
Oligo Security's detailed technical report, published on April 29, 2025, calls on users and businesses to quickly update software for all AirPlay-enabled devices, including Apple and third-party devices.
Additionally, the company recommends that users turn off AirPlay when not in use and limit access to AirPlay within the local network to minimize the risk of attack.
Experts warn of lingering threat and offer advice to users
Speaking to Hackread.com, Karolis Arbaciauskas, a cybersecurity expert from technology company Nord Security (Lithuania), warned that the threat from the AirBorne vulnerabilities could last a long time, especially on AirPlay devices manufactured by third parties.
“Unlike genuine Apple devices that receive security updates quickly, many third-party products often do not receive timely patches, or are even abandoned by the manufacturer. This allows vulnerabilities to exist silently for a long time,” said Karolis Arbaciauskas.
Karolis also noted that to exploit these vulnerabilities, hackers need access to the same Wi-Fi network as the victim, so securing the Wi-Fi router is key.
“Keep your router firmware up to date and use a strong password to prevent hackers from breaking in,” he recommends. “Default passwords from manufacturers are often weak and easy to crack. Users should change them as soon as they set up the device.”
He also offers specific advice on how to create strong passwords: “An effective password should be at least eight characters long, including letters, numbers, and special symbols. If remembering too many passwords is a problem, you should use a password manager to simplify things.”
Finally, Karolis stresses that users should avoid using AirPlay on public Wi-Fi networks, which are notoriously insecure. “If you must share content wirelessly, prefer to use a private hotspot from your phone or at least stay away from open Wi-Fi networks, and use a VPN for added security.”