Researchers find multiple Apple AirPlay vulnerabilities that allow “wormable” exploits to be carried out over Wi-Fi.

Serving tech enthusiasts for over 25 years. TechSpot is a trusted source for tech advice and analysis.

In short: Researchers have discovered a wide range of vulnerabilities in Apple’s AirPlay protocol that could allow attackers to hijack Apple and third-party devices remotely, without any user interaction. The set of flaws, dubbed “AirBorne,” comprises 23 individual bugs, 17 of which have been assigned CVEs, and can be chained into zero-click remote code execution on vulnerable systems.

Cybersecurity firm Oligo found that both Apple’s native AirPlay implementation and the AirPlay Software Development Kits (SDKs) used by audio and automotive manufacturers contain “critical” vulnerabilities. Apple has patched its own platforms, but many third-party products remain vulnerable because OEM updates lag behind. Oligo estimates that tens or even hundreds of millions of AirPlay-enabled speakers and TVs, as well as CarPlay-capable vehicles, could still be at risk.

AirBorne is particularly dangerous because some of the bugs are “wormable”: a compromised device can attack other devices on the same wireless network and spread automatically, with no user intervention. One critical flaw, CVE-2025-24252, combined with a separate user-interaction bypass, CVE-2025-24206, lets an attacker silently take control of a macOS system that is configured to accept AirPlay connections. A laptop compromised this way on public Wi-Fi can then serve as a foothold once it is connected to an office network, giving the attacker a gateway into corporate systems.

Researchers demonstrated a proof-of-concept achieving remote code execution on a Mac.

These vulnerabilities are not limited to Macs. The researchers noted that third-party receivers and speakers built on the AirPlay SDK were vulnerable in every environment they tested. The zero-click vulnerability CVE-2025-24132 is a stack-based buffer overflow that allows remote code execution without any prompt or click. Because the SDK is so widely used, exploitable devices can be found throughout smart homes, offices and vehicles.
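The following is an added illustration of the bug class named above, a stack-based buffer overflow triggered by untrusted input from the network. It is not Oligo’s, Apple’s or any SDK vendor’s code, and the length-prefixed record it parses is a hypothetical format constructed for the example, not the real AirPlay wire format. It shows the typical mistake (a network-supplied length validated against the packet but never against the fixed-size stack buffer it is copied into) next to the bounds-checked version that rejects the record outright.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 32  /* fixed-size stack buffer the receiver copies into */

/* Hypothetical length-prefixed record (constructed for illustration; not the
   real AirPlay wire format): 2-byte big-endian length, then that many bytes
   of UTF-8 device name. */
typedef struct {
    const uint8_t *data;
    size_t len;
} record_t;

/* Returns the body length the sender claims, or -1 if the record is shorter
   than header plus claimed body. The claim arrives over the network and is
   therefore attacker-controlled. */
static long claimed_body_len(const record_t *r) {
    if (r->len < 2) return -1;
    size_t n = ((size_t)r->data[0] << 8) | r->data[1];
    if (r->len - 2 < n) return -1;
    return (long)n;
}

/* VULNERABLE pattern: the claim is checked against the packet but never
   against the destination. A claim larger than NAME_BUF makes memcpy write
   past `name` into whatever sits above it on the stack (saved registers,
   return address). In a demo, only call this with well-formed input. */
int handle_name_vulnerable(const record_t *r, char *out, size_t out_cap) {
    char name[NAME_BUF];
    long n = claimed_body_len(r);
    if (n < 0) return -1;
    memcpy(name, r->data + 2, (size_t)n);   /* no check against sizeof name */
    name[n] = '\0';                          /* also off-by-one when n == NAME_BUF */
    snprintf(out, out_cap, "%s", name);
    return 0;
}

/* HARDENED pattern: the claim must fit the destination with room for the
   terminator, otherwise the record is rejected. No truncate-and-continue. */
int handle_name_hardened(const record_t *r, char *out, size_t out_cap) {
    char name[NAME_BUF];
    long n = claimed_body_len(r);
    if (n < 0 || (size_t)n >= sizeof name) return -1;
    memcpy(name, r->data + 2, (size_t)n);
    name[n] = '\0';
    snprintf(out, out_cap, "%s", name);
    return 0;
}

/* Builds a record with an arbitrary claimed length and an actual body of
   `body` filler bytes, so the two can disagree. Returns bytes written. */
size_t build_record(uint8_t *buf, size_t cap, uint16_t claim, size_t body, uint8_t fill) {
    if (cap < 2 + body) return 0;
    buf[0] = (uint8_t)(claim >> 8);
    buf[1] = (uint8_t)(claim & 0xff);
    memset(buf + 2, fill, body);
    return 2 + body;
}

int main(void) {
    uint8_t buf[1024];
    char out[64];

    /* Benign record: claims 6 bytes and carries 6. Both handlers accept it. */
    size_t len = build_record(buf, sizeof buf, 6, 6, 'A');
    record_t ok = { buf, len };
    int rv = handle_name_vulnerable(&ok, out, sizeof out);
    int rh = handle_name_hardened(&ok, out, sizeof out);
    printf("benign: vulnerable=%d hardened=%d name=%s\n", rv, rh, out);

    /* Hostile record: claims 300 bytes and really carries 300. The packet-
       level check passes, so the vulnerable handler would memcpy 300 bytes
       into a 32-byte stack buffer. The hardened handler rejects it. */
    len = build_record(buf, sizeof buf, 300, 300, 'A');
    record_t bad = { buf, len };
    printf("hostile: hardened=%d (vulnerable handler deliberately not called)\n",
           handle_name_hardened(&bad, out, sizeof out));
    return 0;
}
```

The point to take from the two handlers is that a length check is only as good as the thing it is compared against: validating the claim against the packet proves the bytes exist, not that they fit. On a device with no user in the loop, as with an always-on AirPlay receiver, the hostile record above is exactly the kind of input that arrives unprompted from the network.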

Oligo credits Apple for its cooperation during the disclosure process and notes that updated software for Apple devices is now available. The greater risk lies with third-party and legacy products that are no longer supported and may never be fixed. The researchers estimate that attackers could target millions of systems, citing Apple’s global figure of 2.35 billion active devices and tens of millions of third-party AirPlay installations.

Oligo intends to publish more detailed attack scenarios in the future. The researchers urge users to update their Apple devices; Apple released updates for macOS and iPadOS earlier this week. Users should also review their AirPlay and network sharing settings, especially when connecting to unsecured or public Wi-Fi networks. A complete list of the bugs and additional remediation steps can be found in Oligo’s analysis.

Image Credit: Micael faccio
