AirPlay Security Flaws Impact Third-Party Devices and Unpatched Apple Products

by

Researchers at cybersecurity firm Oligo today outlined a series of AirPlay vulnerabilities that impact millions of Apple devices (via Wired) and accessories that connect to Apple devices. While Apple has addressed the flaws in security updates that have come out over the last several months, some third-party devices that support ‌AirPlay‌ remain vulnerable.

AirPlay Feature
Dubbed "Airborne," the ‌AirPlay‌ vulnerabilities allowed attackers to take control of devices that support ‌AirPlay‌ to spread malware to other devices on any local device that the infected device connects to. An attacker would need to be on the same Wi-Fi network as the intended victim, putting public Wi-Fi spots, businesses, and other high-traffic areas at more risk.

Oligo researchers said that the ‌AirPlay‌ flaws could lead to "sophisticated attacks related to espionage, ransomware, supply-chain attacks, and more." The vulnerabilities could be used independently or chained together for a "variety of possible attack vectors," such as Remote Code Execution, user interaction bypass, Denial of Service attacks, Man-in-the-Middle attacks, and more.

Apple worked with Oligo to identify and fix the vulnerabilities. Oligo found 23 separate security flaws, and Apple issued 17 CVEs to address them. Information on each vulnerability is outlined on Oligo's website. Apple also deployed fixes for its ‌AirPlay‌ SDK for third-party manufacturers.

The same Airborne vulnerabilities also impact CarPlay, which could allow hackers to hijack the automotive computer in a car. This attack vector would require the attacker to be directly in the car and connected to either the car's Bluetooth or an in-car USB port, which makes it unlikely.

Oligo recommends that users upgrade to the latest versions of iOS, iPadOS, macOS, tvOS, and visionOS, to protect themselves from these vulnerabilities. Other devices that support ‌AirPlay‌ may still be vulnerable, so users should take steps like disabling the ‌AirPlay‌ Receiver feature on Macs and restricting ‌AirPlay‌ to the current user instead of all users.

Oligo CTO Gal Elbaz told Wired that there could be tens of millions of third-party ‌AirPlay‌ devices that are still vulnerable to attack. Because ‌AirPlay‌ is supported in such a wide variety of devices, there are a lot that will take years to patch--or they will never be patched," he said.

Tag: AirPlay

Popular Stories

apple watch ultra yellow

What's Next for the Apple Watch Ultra 3 and Apple Watch SE 3

Friday April 25, 2025 2:44 pm PDT by
This week marks the 10th anniversary of the Apple Watch, which launched on April 24, 2015. Yesterday, we recapped features rumored for the Apple Watch Series 11, but since 2015, the Apple Watch has also branched out into the Apple Watch Ultra and the Apple Watch SE, so we thought we'd take a look at what's next for those product lines, too. 2025 Apple Watch Ultra 3 Apple didn't update the...
Read Full Article65 comments
iphone 16 display

iPhone 17's Scratch Resistant Anti-Reflective Display Coating Canceled

Monday April 28, 2025 12:48 pm PDT by
Apple may have canceled the super scratch resistant anti-reflective display coating that it planned to use for the iPhone 17 Pro models, according to a source with reliable information that spoke to MacRumors. Last spring, Weibo leaker Instant Digital suggested Apple was working on a new anti-reflective display layer that was more scratch resistant than the Ceramic Shield. We haven't heard...
Read Full Article102 comments
iPhone 17 Air Pastel Feature

iPhone 17 Reaches Key Milestone Ahead of Mass Production

Monday April 28, 2025 8:44 am PDT by
Apple has completed Engineering Validation Testing (EVT) for at least one iPhone 17 model, according to a paywalled preview of an upcoming DigiTimes report. iPhone 17 Air mockup based on rumored design The EVT stage involves Apple testing iPhone 17 prototypes to ensure the hardware works as expected. There are still DVT (Design Validation Test) and PVT (Production Validation Test) stages to...
Read Full Article27 comments
Beyond iPhone 13 Better Blue

20th Anniversary iPhone Likely to Be Made in China Due to 'Extraordinarily Complex' Design

Monday April 28, 2025 4:29 am PDT by
Apple will likely manufacture its 20th anniversary iPhone models in China, despite broader efforts to shift production to India, according to Bloomberg's Mark Gurman. In 2027, Apple is planning a "major shake-up" for the iPhone lineup to mark two decades since the original model launched. Gurman's previous reporting indicates the company will introduce a foldable iPhone alongside a "bold"...
Read Full Article120 comments
iPhone 17 Air Pastel Feature

iPhone 17 Air Launching Later This Year With These 16 New Features

Thursday April 24, 2025 8:24 am PDT by
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the ultra-thin device. Overall, the iPhone 17 Air sounds like a mixed bag. While the device is expected to have an impressively thin and light design, rumors indicate it will have some compromises compared to iPhone 17 Pro models, including only a single rear camera, a...
Read Full Article101 comments
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching Later This Year With These 13 New Features

Wednesday April 23, 2025 8:31 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article

Top Rated Comments

HaHaRich! Avatar
HaHaRich!
2 hours ago at 05:30 pm

Most of this stuff sounds cool in a lab, but isn’t real


For example…

“An attacker would need to be on the same Wi-Fi network as the intended victim”

So he has your Wi-Fi password or you’re doing AirPlay over public Wi-Fi?



“This attack vector would require the attacker to be directly in the car”.

If you have an attacker in your car, there’s a lot of attack vectors he can use that don’t involve CarPlay. I think you have bigger problems then your CarPlay being hacked.
I don’t think you have to be “doing” AirPlay over public WiFi, but have an unpatched AirPlay compatible device on a WiFi network with the attacker.

As far as CarPlay, this could be a very big issue for rental car companies. I don’t know about you, but I take rental cars on family trips. Never occurred to me that Avis could infect my iPhone ?
Score: 3 Votes (Like | Disagree)
Artemiz Avatar
Artemiz
3 hours ago at 04:57 pm
I want the guy who came up with "Airborne" to be the head of branding dept at Apple.

Pro, Air, Ultra -- Not a fan!
Score: 3 Votes (Like | Disagree)
123 Avatar
123
44 minutes ago at 06:46 pm

Maybe I’m overlooking something obvious though.
Yes you are. That big Samsung touch screen in the meeting room where everyone wo ever has a meeting connects, and which is reachable from the company's guest WiFi.
Score: 2 Votes (Like | Disagree)
ajcadoo Avatar
ajcadoo
2 hours ago at 05:37 pm
Apple can barely publish general code that’s bug free, how on earth can we trust them with secure code?
Score: 1 Votes (Like | Disagree)
Chungry Avatar
Chungry
2 hours ago at 05:38 pm

I don’t think you have to be “doing” AirPlay over public WiFi, but have an unpatched AirPlay compatible device on a WiFi network with the attacker.

As far as CarPlay, this could be a very big issue for rental car companies. I don’t know about you, but I take rental cars on family trips. Never occurred to me that Avis could infect my iPhone ?
It can't "infect your phone" ?
Score: 1 Votes (Like | Disagree)
HaHaRich! Avatar
HaHaRich!
2 hours ago at 05:41 pm

It can't "infect your phone" ?
Did I misread it? The article describes the vulnerability as being able to execute and spread malicious code to unpatched systems. If that’s the case, how else does one define “infect”?
Score: 1 Votes (Like | Disagree)
Read All Comments