
AirPlay Vulnerabilities Allow Zero-Click Apple Device Takeovers

Security researchers at Oligo Security have uncovered 23 vulnerabilities in Apple's AirPlay protocol and the AirPlay SDK that could allow attackers to take over devices, in some cases without any user interaction. The flaws affect both Apple's own devices and third-party products built on the AirPlay SDK, such as speakers, receivers and in-car systems. 

Two of the most serious bugs, CVE-2025-24252 and CVE-2025-24132, enable zero-click remote code execution (RCE) that Oligo describes as wormable: an attacker can fully take over a device and then use it to spread malware to other devices, or as a stepping stone for ransomware or espionage. 

Oligo warns that an infected AirPlay-enabled device could silently spread malware across any local network it joins, leading to widespread compromise. Apple has patched the vulnerabilities, collectively dubbed AirBorne, in recent updates to iOS, iPadOS, and macOS, after working with Oligo on the disclosure. 

Seventeen CVE IDs have been issued for the issues, which range from RCE and access-control and user-interaction bypasses to local file access, man-in-the-middle (MITM) attacks, and denial-of-service (DoS). CVE-2025-24252 is a use-after-free bug that can be chained with CVE-2025-24206, an authentication-policy bypass, to achieve zero-click RCE on macOS systems whose AirPlay Receiver is configured to accept connections from "Everyone" or "Anyone on the same network" rather than only the current user. 

Oligo stresses the wormable nature of these flaws: because exploitation requires no human interaction, a compromised device can itself go on to attack any other AirPlay device it can reach. 

A compromised device on an enterprise network could give attackers a foothold to reach other systems and move laterally across the environment. Oligo Security has published a video demonstrating exploitation of CVE-2025-24252. A separate flaw, CVE-2025-24271, is an access-control issue that lets an unauthenticated attacker on the network send AirPlay commands to a device without pairing; chained with CVE-2025-24137 (patched by Apple in January 2025), it yields one-click remote code execution. 

CVE-2025-24132 is a stack-based buffer overflow in the AirPlay SDK that allows zero-click RCE on AirPlay-enabled speakers and receivers regardless of how they are configured, making it a candidate for wormable attacks. Oligo also warns that the same flaw could affect CarPlay systems, where an attacker could distract drivers with unauthorized visuals and audio, eavesdrop on in-car conversations, or track a vehicle's location. 
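The practical first step for a defender is to find out which AirPlay receivers are present on the network and what software they advertise, since AirPlay receivers announce themselves over mDNS/DNS-SD under the service name "_airplay._tcp.local". The following Python script is an added example written for this page, not Oligo's or Apple's code: it parses a DNS-SD response packet and extracts each receiver's hostname, port and TXT metadata (the "model", "srcvers" and "deviceid" keys) so that devices can be compared against vendor patch advisories. The packet it parses is a constructed sample built inside the script; the device name, model string, version and address in it are made up, and in practice you would feed the parser packets captured from UDP port 5353.

```python
"""Inventory AirPlay receivers advertised over mDNS/DNS-SD (_airplay._tcp.local).

Added example (not vendor code): parses a DNS-SD response and pulls out each
receiver's host, port and TXT metadata so LAN devices can be checked against
patch advisories. The packet built below is a CONSTRUCTED sample, not a capture.
"""
import struct

AIRPLAY_SERVICE = "_airplay._tcp.local"
TYPE_A, TYPE_PTR, TYPE_TXT, TYPE_SRV = 1, 12, 16, 33


def _encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def _read_name(pkt, off):
    """Decode a (possibly compressed) DNS name at off -> (name, offset after it)."""
    labels, end, jumped = [], off, False
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(pkt[off:off + length].decode())
        off += length


def _parse_txt(rdata):
    """TXT rdata is a run of length-prefixed 'key=value' strings."""
    out, i = {}, 0
    while i < len(rdata):
        n = rdata[i]
        key, _, val = rdata[i + 1:i + 1 + n].decode().partition("=")
        out[key] = val
        i += 1 + n
    return out


def parse_airplay_receivers(pkt):
    """Return one dict per AirPlay receiver instance found in a DNS-SD response."""
    qd, an, ns, ar = struct.unpack("!HHHH", pkt[4:12])
    off = 12
    for _ in range(qd):                                # skip question section
        _, off = _read_name(pkt, off)
        off += 4
    instances, srv, txt, addrs = [], {}, {}, {}
    for _ in range(an + ns + ar):
        name, off = _read_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        if rtype == TYPE_PTR and name == AIRPLAY_SERVICE:
            instances.append(_read_name(pkt, off)[0])  # "<Name>._airplay._tcp.local"
        elif rtype == TYPE_SRV:
            port = struct.unpack("!H", rdata[4:6])[0]
            srv[name] = (_read_name(pkt, off + 6)[0], port)
        elif rtype == TYPE_TXT:
            txt[name] = _parse_txt(rdata)
        elif rtype == TYPE_A and rdlen == 4:
            addrs[name] = ".".join(str(b) for b in rdata)
        off += rdlen
    receivers = []
    for inst in instances:
        host, port = srv.get(inst, (None, None))
        receivers.append({"instance": inst, "host": host, "addr": addrs.get(host),
                          "port": port, "txt": txt.get(inst, {})})
    return receivers


def build_sample_response():
    """CONSTRUCTED mDNS response advertising one receiver (uses name compression)."""
    pkt = bytearray(struct.pack("!HHHHHH", 0, 0x8400, 0, 4, 0, 0))
    svc_off = len(pkt)
    pkt += _encode_name(AIRPLAY_SERVICE)
    pkt += struct.pack("!HHIH", TYPE_PTR, 1, 4500, 0)   # rdlength patched below
    inst_off = len(pkt)
    pkt += b"\x0bLiving Room" + struct.pack("!H", 0xC000 | svc_off)
    struct.pack_into("!H", pkt, inst_off - 2, len(pkt) - inst_off)
    # SRV: "Living Room._airplay._tcp.local" -> speaker.local:7000
    pkt += struct.pack("!H", 0xC000 | inst_off)
    host_off = len(pkt) + 10 + 6                       # where the target name starts
    srv_rdata = struct.pack("!HHH", 0, 0, 7000) + _encode_name("speaker.local")
    pkt += struct.pack("!HHIH", TYPE_SRV, 0x8001, 120, len(srv_rdata)) + srv_rdata
    # TXT: metadata the receiver advertises (values made up for this sample)
    pkt += struct.pack("!H", 0xC000 | inst_off)
    kv = [b"deviceid=AA:BB:CC:DD:EE:FF", b"model=ExampleSpeaker1,1",
          b"srcvers=377.40.00", b"features=0x5A7FFFF7,0x1E"]
    txt_rdata = b"".join(bytes([len(s)]) + s for s in kv)
    pkt += struct.pack("!HHIH", TYPE_TXT, 0x8001, 4500, len(txt_rdata)) + txt_rdata
    # A: speaker.local -> 192.0.2.10 (documentation address range)
    pkt += struct.pack("!H", 0xC000 | host_off)
    pkt += struct.pack("!HHIH", TYPE_A, 0x8001, 120, 4) + bytes([192, 0, 2, 10])
    return bytes(pkt)


if __name__ == "__main__":
    for r in parse_airplay_receivers(build_sample_response()):
        print(f'{r["instance"]}: {r["host"]} ({r["addr"]}):{r["port"]} '
              f'model={r["txt"].get("model")} srcvers={r["txt"].get("srcvers")}')
```

Running the script prints one line per receiver. On a real network, receivers whose advertised srcvers predates the vendor's patched release are the ones to isolate or update, and macOS hosts should additionally be checked for the AirPlay Receiver "Allow AirPlay for" setting described above, since that setting is what exposes the CVE-2025-24252 chain without user interaction.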
