
Apple devices at risk from AirPlay flaws


Apple device users are being warned to update their devices immediately after cybersecurity researchers discovered a series of security flaws in Apple’s AirPlay protocol. The vulnerabilities, collectively named “AirBorne” by Israeli cybersecurity company Oligo, could allow attackers to take control of devices that support AirPlay. Some of the vulnerabilities, including CVE-2025-24252 and CVE-2025-24132, are particularly concerning as they can facilitate a wormable zero-click remote code execution exploit.

This means that bad actors could deploy malware that can spread across devices on any local network the infected device connects to, potentially leading to sophisticated cyberattacks like backdoors and ransomware. “Attackers can chain these vulnerabilities to potentially take control of devices that support AirPlay,” said security researchers Uri Katz, Avi Lumelsky, and Gal Elbaz.

AirPlay vulnerabilities exposed

Combined, these vulnerabilities could enable various attacks such as zero- or one-click remote code execution, access control list bypass, local arbitrary file read, information disclosure, adversary-in-the-middle attacks, and denial-of-service. Apple has addressed these vulnerabilities in recent software updates for iOS, iPadOS, macOS, tvOS, and visionOS. However, Oligo estimates that tens of millions of third-party AirPlay-enabled devices are potentially vulnerable to attacks.

“Because AirPlay is supported in such a wide variety of devices, a lot will take years to patch—or they will never be patched,” said Gal Elbaz, Oligo’s chief technology officer and co-founder. Even if your Apple device is up to date, you may still be at risk from someone else’s device that has not been updated if it is connected to the same public Wi-Fi network at airports, coffee shops, or even at work. To best protect yourself from malware attacks and hacks, ensure that all your AirPlay-enabled devices are updated, and be cautious about which Wi-Fi networks you connect to.


April Isaacs is a news contributor for DevX.com. She is a long-term, self-proclaimed nerd. She loves all things tech and computers and still has her first Dreamcast system. It is lovingly named Joni, after Joni Mitchell.
