
Cybersecurity researchers have revealed a series of security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary technology.
The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo.
Security researchers Uri Katz, Avi Lumelsky, and Gal Elbaz said, “These weaknesses can be chained by attackers to potentially take control of devices that support AirPlay, including both Apple devices and third-party devices that take advantage of the AirPlay SDK.”
Some of the vulnerabilities, such as CVE-2025-24252 and CVE-2025-24132, can be chained together into a wormable zero-click RCE exploit, which can enable bad actors to deploy malware that spreads to devices on any local network the infected device connects to.
This can then pave the way for sophisticated attacks that lead to the deployment of backdoors and ransomware, posing a serious security risk.
In short, the vulnerabilities can enable zero- or one-click remote code execution (RCE), access control list (ACL) and user interaction bypass, local arbitrary file read, information disclosure, adversary-in-the-middle (AitM) attacks, and denial-of-service (DoS).
This includes chaining CVE-2025-24252 and CVE-2025-24206 to achieve a zero-click RCE on macOS devices that are connected to the same network as an attacker. However, for this exploit to succeed, the AirPlay receiver needs to be on and set to the “Anyone on the same network” or “Everyone” configuration.
In a hypothetical attack scenario, a victim's device may be compromised when connected to a public Wi-Fi network. Should the device be connected to an enterprise network later, it can give an attacker a way to breach other devices that are connected to the same network.
Some other notable flaws are listed below –
- CVE-2025-24271 – An ACL vulnerability that can enable an attacker on the same network as a signed-in Mac to send AirPlay commands to it without pairing
- CVE-2025-24137 – A vulnerability that can cause arbitrary code execution or an application to terminate
- CVE-2025-24132 – A stack-based buffer overflow vulnerability that can result in a zero-click RCE on speakers and receivers that use the AirPlay SDK
- CVE-2025-24206 – An authentication vulnerability that may allow an attacker on the local network to bypass authentication policy
- CVE-2025-24270 – A vulnerability that can allow an attacker on the local network to leak sensitive user information
- CVE-2025-24251 – A vulnerability that can allow an attacker on the local network to cause an unexpected app termination
- CVE-2025-31197 – A vulnerability that can allow an attacker on the local network to cause an unexpected app termination
- CVE-2025-30445 – A type confusion vulnerability
- CVE-2025-31203 – An integer overflow vulnerability that can allow an attacker on the local network to cause a DoS condition
Following responsible disclosure, the identified vulnerabilities have been patched in the versions below –
- iOS 18.4 and iPadOS 18.4
- iPadOS 17.7.6
- macOS Sequoia 15.4
- macOS Sonoma 14.7.5
- macOS Ventura 13.7.5
- tvOS 18.4, and
- visionOS 2.4
Some of the vulnerabilities (CVE-2025-24132 and CVE-2025-30422) have also been patched in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1.
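As an added example (not from Oligo or Apple), the following Python sketch audits a device inventory against the patched OS releases listed above, comparing each device only against the fix for its own major-version branch. The host names and inventory rows are constructed sample data, the status labels are hypothetical, and treating later major releases as patched is an assumption.

```python
# Fixed releases per OS, keyed by major version (branch), as listed in this article.
PATCHED = {
    "iOS":      {18: (18, 4)},
    "iPadOS":   {17: (17, 7, 6), 18: (18, 4)},
    "macOS":    {13: (13, 7, 5), 14: (14, 7, 5), 15: (15, 4)},
    "tvOS":     {18: (18, 4)},
    "visionOS": {2: (2, 4)},
}

def parse_version(text):
    """Turn '14.7.5' into (14, 7, 5); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def pad(version, length=3):
    """Right-pad with zeros so (15, 4) compares equal to (15, 4, 0)."""
    return version + (0,) * (length - len(version))

def airborne_status(os_name, version_text):
    """Return 'patched', 'vulnerable', 'no-fix-listed' or 'unknown-os'."""
    branches = PATCHED.get(os_name)
    if branches is None:
        return "unknown-os"
    version = parse_version(version_text)
    if version[0] > max(branches):
        return "patched"  # assumption: later major releases carry the fixes
    fixed = branches.get(version[0])
    if fixed is None:
        return "no-fix-listed"  # branch has no patched release in the list above
    return "patched" if pad(version) >= pad(fixed) else "vulnerable"

# Constructed sample inventory: (host, OS, reported version).
INVENTORY = [
    ("lobby-mac", "macOS", "14.7.4"),
    ("design-mac", "macOS", "15.4"),
    ("kiosk-ipad", "iPadOS", "17.7.6"),
    ("old-iphone", "iOS", "17.6.1"),
    ("conf-tv", "tvOS", "18.3"),
]

def audit(inventory):
    """Map each host to its status."""
    return {host: airborne_status(os_name, ver) for host, os_name, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:12} {status}")
```

Third-party speakers, receivers and CarPlay units built on the AirPlay SDK are outside this check and have to be tracked through their vendors' firmware releases.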
“For organizations, it is necessary that any corporate Apple devices and other machines that support AirPlay are immediately updated to the latest software versions,” said Oligo.
“Security leaders also need to provide clear communication to their employees that all of their individual equipment that supports AirPlay also needs to be updated immediately.”