Security Flaw in Apple’s AirPlay Feature Puts Users at Risk
A recent report has revealed that Apple’s widely used AirPlay feature contains significant security vulnerabilities, making users susceptible to hacking. Researchers from the cybersecurity firm Oligo have discovered 23 vulnerabilities, collectively known as "AirBorne," which affect both Apple’s AirPlay protocol and the AirPlay Software Development Kit (SDK) used by third-party vendors.
Researchers Demonstrate the Security Flaw
In a video demonstration, the researchers showcased how an attacker on the same network could exploit an AirPlay-enabled Bose speaker, launch a remote code execution (RCE) attack, and display the "AirBorne" logo on its screen. They warned that a similar technique could be used to infiltrate any microphone-equipped device for espionage purposes. According to Oligo CTO Gal Elbaz, the number of potentially vulnerable devices could be in the millions.
"Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched. And it’s all because of vulnerabilities in one piece of software that affects everything," Elbaz explained.
Oligo had earlier disclosed the vulnerabilities to Apple and collaborated with the company for several months on patches before releasing its research to the public. Apple issued updates addressing these issues in March for devices running iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4. However, third-party products that implement the AirPlay protocol are still at risk, as manufacturers need to distribute their own firmware updates, which users must then install, to close the exposure.
Meanwhile, Apple stated that while it has created patches for these third-party devices, there are "limitations" to the attacks that would be possible on AirPlay-enabled devices due to the bugs. The researchers also noted that CarPlay-equipped systems remain at risk, as hackers can carry out an RCE attack if they are nearby and "the device has a default, predictable, or known Wi-Fi hotspot password."
Article Details
- Published On: May 23, 2025, at 08:58 AM IST