AirPlay Vulnerabilities Expose Apple Devices to Zero-Click Takeover
securityweek
Vulnerabilities in Apple’s AirPlay protocol and the accompanying SDK could allow attackers to take over devices, in some instances without user interaction, runtime protection firm Oligo Security says.
The identified security defects, 23 in total, could be exploited over wireless networks and peer–to-peer connections, leading to the complete compromise of not only Apple products, but also third-party devices that use the AirPlay SDK.
Two of the discovered vulnerabilities, tracked as CVE-2025-24252 and CVE-2025-24132, enable attackers to build wormable zero-click remote code execution exploits. The compromised devices could be used as a launchpad for additional compromise.
“This means that an attacker can take over certain AirPlay-enabled devices and do things like deploy malware that spreads to devices on any local network the infected device connects to. This could lead to the delivery of other sophisticated attacks related to espionage, ransomware, supply-chain attacks, and more,” Oligo says.
A total of ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE