A set of security vulnerabilities in Apple’s AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution. According to cybersecurity company Oligo Security security researchers who discovered and reported the flaws, they can be exploited in zero-click and one-click RCE attacks, man-in-the-middle (MITM) attacks, and denial of service (DoS) attacks, as well as to bypass access control list (ACL) and user interaction, to gain access to sensitive information, and read arbitrary local files. In all, Oligo disclosed 23 security vulnerabilities to Apple, which released security updates to address these vulnerabilities (collectively known as “AirBorne”) on March 31 for iPhones and iPads (iOS 18.4 and iPadOS 18.4), Macs (macOS Ventura 13.7.5, macOS Sonoma 14.7.5, and macOS Sequoia 15.4), and Apple Vision Pro (visionOS 2.4) devices. The company also patched the AirPlay audio SDK, the AirPlay video SDK, and the CarPlay Communication Plug-in. While the AirBorne vulnerabilities can only be exploited by attackers on the same network via wireless networks or peer-to-peer connections, they allow taking over vulnerable devices and using the access as a launchpad to compromise other AirPlay-enabled devices on the same network. Oligo’s security researchers said they were able to demonstrate that attackers can use two of the security flaws (CVE-2025-24252 and CVE-2025-24132) to create wormable zero-click RCE exploits
Contact us : 0915579536
Or on the website digitalonion.ly
Visit us at our company address: Tripoli – Andalus Street – Next to the Iraqi Embassy.
Leave a Reply