Security researchers have uncovered a set of critical vulnerabilities in Apple's AirPlay protocol and the AirPlay SDK, collectively dubbed "AirBorne," that could let an attacker on the same network take control of devices without any user interaction. The flaws, identified by Israeli security firm Oligo Security, affect both Apple devices and numerous third-party products built on the AirPlay SDK.

Zero-Click, Wormable Exploits

Of the 23 vulnerabilities discovered, two, CVE-2025-24252 and CVE-2025-24132, can be weaponized into wormable zero-click remote code execution (RCE) exploits. An attacker on the same Wi-Fi network could compromise a device without any user interaction, and a compromised device could in turn attack other AirPlay-capable devices on any network it later joins, which is what makes the bugs wormable.

The flaws enable a range of attack outcomes, including:

  • Zero- or one-click RCE
  • Access control list (ACL) and user interaction bypass
  • Local arbitrary file read
  • Information disclosure
  • Adversary-in-the-middle (AitM) attacks
  • Denial-of-service (DoS)

For instance, chaining CVE-2025-24252 (a use-after-free) with CVE-2025-24206 (a bypass of the user-interaction requirement) achieves zero-click RCE on a Mac on the same network, provided its AirPlay Receiver is set to allow "Anyone on the same network" or "Everyone." The exposure setting, not just the patch level, therefore decides whether a given Mac is reachable by the zero-click chain.

Widespread Impact on Third-Party Devices

Apple has shipped fixes for its own platforms, including iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4 and visionOS 2.4, along with updated AirPlay audio and video SDKs and a CarPlay communication plug-in for licensees. Millions of third-party devices remain vulnerable, however: smart TVs, speakers and car infotainment systems that embed the AirPlay SDK only become safe once their vendor rebuilds firmware against the fixed SDK and the owner installs it. Many of these devices may never receive that update, leaving their owners exposed for as long as the device stays on the network.

Oligo’s Chief Technology Officer, Gal Elbaz, emphasized the risk: “Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch—or they will never be patched.”

Recommendations for Users

To mitigate the risks associated with these vulnerabilities:

  • Update all Apple devices to the patched software versions.
  • For third-party devices, inventory what is on your network and check with each manufacturer for firmware that incorporates the fixed AirPlay SDK.
  • Disable AirPlay receiving when not in use, and avoid joining untrusted Wi-Fi with it enabled, since the attacks require the attacker to be on the same network.
  • On macOS, set AirPlay Receiver to allow "Current User" only (System Settings > General > AirDrop & Handoff) rather than "Anyone on the same network" or "Everyone."

These steps can help reduce the attack surface and protect against potential exploits stemming from the AirBorne vulnerabilities.
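Before you can check with manufacturers for updates, you need to know which AirPlay receivers are on your network. The script below is an added illustration written for this page; it is not Oligo's tooling or Apple's. It multicasts an mDNS PTR query for the _airplay._tcp.local service and parses the TXT records that receivers answer with. Two things are assumptions rather than facts from the article: the TXT key names model, srcvers and deviceid, which follow common AirPlay advertisements, and the sample response at the bottom, which is constructed so the parser can be exercised offline.

```python
"""Inventory AirPlay receivers on the local network over mDNS (added example).

Multicasts a PTR query for _airplay._tcp.local and parses the TXT records
receivers answer with. Assumed, not taken from the article: the TXT key
names model / srcvers / deviceid, which match common AirPlay adverts.
"""
import socket
import struct
import time

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353
AIRPLAY_SERVICE = "_airplay._tcp.local"
TYPE_PTR, TYPE_TXT = 12, 16


def encode_name(name: str) -> bytes:
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"


def build_ptr_query(service: str = AIRPLAY_SERVICE) -> bytes:
    """One-question mDNS query: ID 0, no flags, QTYPE=PTR, QCLASS=IN."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)
    return header + encode_name(service) + struct.pack("!HH", TYPE_PTR, 1)


def read_name(data: bytes, offset: int):
    """Decode a possibly compressed DNS name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if (length & 0xC0) == 0xC0:          # compression pointer (RFC 1035 4.1.4)
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("utf-8", "replace"))
        offset += length
    return ".".join(labels), end if jumped else offset


def parse_txt(rdata: bytes) -> dict:
    """Split TXT rdata (length-prefixed key=value strings) into a dict."""
    out, i = {}, 0
    while i < len(rdata):
        n = rdata[i]
        key, _, value = rdata[i + 1:i + 1 + n].decode("utf-8", "replace").partition("=")
        out[key] = value
        i += 1 + n
    return out


def parse_response(data: bytes) -> list:
    """Return one dict per _airplay._tcp TXT record found in an mDNS response."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                      # skip echoed questions
        _, offset = read_name(data, offset)
        offset += 4
    suffix, receivers = "." + AIRPLAY_SERVICE, []
    for _ in range(an + ns + ar):
        name, offset = read_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        rdata = data[offset + 10:offset + 10 + rdlen]
        offset += 10 + rdlen
        if rtype == TYPE_TXT and name.endswith(suffix):
            txt = parse_txt(rdata)
            receivers.append({"instance": name[:-len(suffix)],
                              "model": txt.get("model", "?"),
                              "srcvers": txt.get("srcvers", "?"),
                              "deviceid": txt.get("deviceid", "?")})
    return receivers


def discover(timeout: float = 3.0) -> list:
    """Multicast the query and collect receivers answering within timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.settimeout(0.5)
    sock.sendto(build_ptr_query(), (MDNS_GROUP, MDNS_PORT))
    found, deadline = {}, time.time() + timeout
    while time.time() < deadline:
        try:
            data, (src, _) = sock.recvfrom(9000)
        except socket.timeout:
            continue
        for r in parse_response(data):       # key by deviceid to dedupe repeats
            found[r["deviceid"]] = dict(r, ip=src)
    sock.close()
    return list(found.values())


def sample_response() -> bytes:
    """Constructed (not captured) response with one TXT answer, for offline tests."""
    txt = b"".join(bytes([len(s)]) + s for s in
                   (b"model=AppleTV6,2", b"srcvers=377.40.00", b"deviceid=AA:BB:CC:DD:EE:FF"))
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0)   # response flag, 1 answer
    return (header + encode_name("Living Room._airplay._tcp.local")
            + struct.pack("!HHIH", TYPE_TXT, 0x8001, 4500, len(txt)) + txt)


if __name__ == "__main__":
    for r in discover():
        print(f"{r['ip']:15} {r['instance']:24} {r['model']:16} srcvers={r['srcvers']}")
```

Run it from a machine on the Wi-Fi segment you care about; it only sees receivers that answer multicast on that link, so repeat it per VLAN. Compare each model and srcvers against the vendor's advisory, and treat any device whose vendor has published nothing as a candidate for a separate, isolated network segment.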
