Researchers at Oligo Security uncovered major flaws in Apple’s AirPlay protocol and SDK affecting many Apple and third-party devices. These flaws, collectively named AirBorne, expose devices to remote code execution, data theft, and denial-of-service attacks. Attackers can hijack devices using zero-click or one-click methods over wireless or peer-to-peer connections. The vulnerabilities allow actions like bypassing controls, reading files, and deploying persistent malware.
The affected systems include millions of Macs and AirPlay-enabled third-party devices around the world.
Apple reports over 2.35 billion active devices globally, increasing the potential attack surface significantly. Oligo disclosed 23 flaws, 17 of which received CVE identifiers, including two critical wormable vulnerabilities. These risks highlight the importance of securing widely used communication protocols embedded in modern devices.
CVE-2025-24252 is a critical macOS flaw that enables arbitrary code execution through a use-after-free condition. When paired with CVE-2025-24206, it supports zero-click wormable attacks across networks. Attackers can silently infect AirPlay-enabled devices on open networks and propagate malware across multiple networks.
This tactic works even via insecure public WiFi environments.
CVE-2025-24132 is a buffer overflow in the AirPlay SDK affecting third-party receivers and speakers. This flaw also supports zero-click wormable code execution without user interaction. Attackers can hijack devices, stream media, or activate microphones to eavesdrop. Oligo recommends updating devices, restricting AirPlay access, and using firewall protections to reduce exposure.
