Apple’s popular AirPlay feature has been found to contain major security flaws that could leave users vulnerable to hackers, a report claims. Researchers at cybersecurity firm Oligo have discovered that these vulnerabilities could allow attackers to hijack compatible devices connected to the same Wi-Fi network. AirPlay is a protocol that enables users to stream audio, video, or photos seamlessly from their Apple devices to other Apple devices or third-party gadgets that integrate the technology. A total of 23 vulnerabilities, collectively named “AirBorne,” were reportedly identified. These flaws were present in both Apple’s own AirPlay protocol and the AirPlay Software Development Kit (SDK), which third-party vendors use to make their devices compatible.
Researchers share a video to show how this security flaw can affect users
In their video demonstration, the researchers showed how an attacker on the same network could exploit an AirPlay-enabled Bose speaker, launch a remote code execution (RCE) attack, and display the “AirBorne” logo on its screen. They warned that a similar technique could feasibly be used to infiltrate any microphone-equipped device for espionage purposes. In a statement to Wired, Oligo CTO Gal Elbaz said that the number of potentially vulnerable devices could be in the millions.
“Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched. And it’s all because of vulnerabilities in one piece of software that affects everything,” Elbaz explained to Wired.
Oligo disclosed the vulnerabilities to Apple earlier and collaborated with the company for several months on patches before releasing its research to the public. Apple issued updates addressing these issues in March for devices running iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4.
However, third-party products that implement the AirPlay protocol are still at risk, because manufacturers must distribute their own firmware updates, and users must install them, to close the exposure.
Meanwhile, Apple told Wired that it has created patches for these third-party devices, and stressed that there are “limitations” to the attacks that would be possible on AirPlay-enabled devices due to the bugs.
The researchers also noted that CarPlay-equipped systems remain at risk, since hackers can carry out an RCE attack if they are nearby and “the device has a default, predictable, or known Wi-Fi hotspot password.”