https://www.oligo.security/blog/airborne
Security researchers at Oligo Security have uncovered a serious set of vulnerabilities in Apple’s AirPlay protocol and software development kit (SDK) that could allow attackers to remotely execute code on affected devices without user interaction. These flaws, collectively dubbed “AirBorne,” affect millions of Apple and third-party devices worldwide.
The security team discovered 23 distinct vulnerabilities that enable various attack vectors, including zero-click and one-click remote code execution, man-in-the-middle attacks, denial of service attacks, and unauthorized access to sensitive information. Perhaps most concerning are two specific flaws (CVE-2025-24252 and CVE-2025-24132) that researchers demonstrated could create “wormable” zero-click attacks, potentially spreading from device to device across networks.
Another critical vulnerability (CVE-2025-24206) enables attackers to bypass the “Accept” prompt normally required for AirPlay connections, creating a pathway for truly zero-interaction compromises when combined with other flaws.
“This means that an attacker can take over certain AirPlay-enabled devices and do things like deploy malware that spreads to devices on any local network the infected device connects to,” warned Oligo. “This could lead to the delivery of other sophisticated attacks related to espionage, ransomware, supply-chain attacks, and more.”
While exploitation is limited to attackers on the same network as vulnerable devices, the potential impact is extensive. Apple reports over 2.35 billion active devices worldwide, and Oligo estimates tens of millions of additional third-party AirPlay-compatible products like speakers, TVs, and car infotainment systems could be affected.
Apple released security updates on March 31 to address these vulnerabilities across its product line, including patches for iOS 18.4, iPadOS 18.4, macOS (Ventura 13.7.5, Sonoma 14.7.5, and Sequoia 15.4), and visionOS 2.4 for Apple Vision Pro. The company also updated the AirPlay audio and video SDKs and the CarPlay Communication Plug-in.
Security experts strongly advise all users to immediately update their Apple devices and any third-party AirPlay-enabled products. Additional protective measures include disabling AirPlay receivers when not in use, restricting AirPlay access to trusted devices via firewall rules, and limiting AirPlay permissions to the current user only.
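The protective measures above all start with knowing which hosts on a network are actually advertising an AirPlay receiver. The script below is an added example, not code from Oligo or Apple: it takes the service records a Bonjour/mDNS browse returns (AirPlay receivers advertise `_airplay._tcp` and `_raop._tcp`), builds a per-host inventory with the advertised AirPlay source version (the `srcvers` TXT key) so each device can be scheduled for its vendor update or disabled when not needed, and emits the host/port pairs a firewall rule would need to cover. The records are constructed sample data; the function names and the record shape are this example's own assumptions.

```python
"""Inventory AirPlay receivers from mDNS/Bonjour service advertisements.

Added example: the input is a list of constructed service records in the
shape (service_type, instance_name, host, port, txt_pairs), i.e. what a
Bonjour browse/resolve of the AirPlay service types would yield.
"""
from collections import defaultdict

# Service types an AirPlay receiver advertises over mDNS.
AIRPLAY_SERVICES = {"_airplay._tcp.local.", "_raop._tcp.local."}

# Constructed sample records (not captured from a real network).
SAMPLE_RECORDS = [
    ("_airplay._tcp.local.", "Living Room TV", "living-room-tv.local.", 7000,
     ["srcvers=366.0", "model=AppleTV6,2"]),
    ("_raop._tcp.local.", "AABBCCDDEEFF@Living Room TV", "living-room-tv.local.", 5000,
     ["vs=366.0"]),
    ("_airplay._tcp.local.", "Kitchen Speaker", "kitchen-speaker.local.", 7000,
     ["srcvers=220.68"]),
    ("_ipp._tcp.local.", "Office Printer", "printer.local.", 631, []),  # not AirPlay
]


def parse_txt(txt_pairs):
    """Turn TXT record strings like 'key=value' into a dict (bare keys map to '')."""
    out = {}
    for item in txt_pairs:
        key, sep, value = item.partition("=")
        out[key] = value if sep else ""
    return out


def inventory(records):
    """Group AirPlay advertisements by host.

    Returns {host: {"instances": set, "ports": set, "srcvers": str or None}}.
    Hosts that only advertise non-AirPlay services are ignored.
    """
    hosts = defaultdict(lambda: {"instances": set(), "ports": set(), "srcvers": None})
    for service_type, instance, host, port, txt_pairs in records:
        if service_type not in AIRPLAY_SERVICES:
            continue
        entry = hosts[host]
        entry["instances"].add(instance)
        entry["ports"].add(port)
        # The AirPlay source version is carried in the _airplay._tcp TXT record;
        # compare it against the vendor's advisory to decide whether the
        # device still needs the update (no version threshold is assumed here).
        txt = parse_txt(txt_pairs)
        if service_type == "_airplay._tcp.local." and "srcvers" in txt:
            entry["srcvers"] = txt["srcvers"]
    return dict(hosts)


def firewall_targets(inv):
    """Return sorted (host, port) pairs that a restrictive firewall rule must cover."""
    return sorted((host, port) for host, entry in inv.items() for port in entry["ports"])


if __name__ == "__main__":
    inv = inventory(SAMPLE_RECORDS)
    for host, entry in sorted(inv.items()):
        print(f"{host}: ports={sorted(entry['ports'])} srcvers={entry['srcvers']} "
              f"instances={sorted(entry['instances'])}")
    print("firewall targets:", firewall_targets(inv))
```

Feeding this the output of a real browse (for example by resolving each `_airplay._tcp` and `_raop._tcp` instance and filling in the same tuple shape) gives the list of devices to update first, the ones to switch off when idle, and the exact host/port pairs to restrict to trusted clients.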