Millions of Apple AirPlay devices susceptible to 'AirBorne' zero-click RCE attacks, so patch now
techradar.com
- Security researchers found dozens of flaws in Apple's AirPlay protocol
- Some of them allowed remote code execution attacks
- Apple has released patches addressing the flaws
Apple’s AirPlay Protocol and AirPlay Software Development Kit (SDK) carried numerous vulnerabilities that could be abused to run remote code execution (RCE) attacks, man-in-the-middle (MitM) attacks, or denial of service (DoS) attacks. To make matters worse, some of these vulnerabilities could be used in zero-click attacks, meaning to pull it off - no interaction from the victim is required.
Cybersecurity researchers Oligo Security found 23 flaws and collectively dubbed them AirBorne. Two of the flaws could be used in RCE attacks, which are now tracked as CVE-2025-24252, and CVE-2025-24132. There is also CVE-2025-24206, a user interaction bypass vulnerability that allows crooks to bypass “Accept” click requirements on AirPlay requests.
"This means that an attacker can take over certain AirPlay-enabled devices and ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE