Critical AirPlay Flaws Expose Apple Devices to Remote Takeover
Oligo Security has uncovered 23 severe vulnerabilities in Apple’s AirPlay protocol and SDK—collectively dubbed AirBorne—that could allow attackers to hijack Apple and third-party devices over wireless and peer-to-peer connections.
Among the flaws, CVE-2025-24252 and CVE-2025-24132 are particularly dangerous, enabling wormable zero-click remote code execution (RCE). Attackers could exploit them to silently take control of AirPlay-enabled devices, deploy malware, and spread attacks across local networks—posing risks of espionage, ransomware, and supply-chain breaches.
AirPlay’s widespread integration in over 2.35 billion Apple devices and many third-party products makes the potential impact significant. Notably, CVE-2025-24252, a use-after-free bug in macOS, and CVE-2025-24132, a buffer overflow in the AirPlay SDK, allow remote takeovers without user interaction—even over public WiFi.
Oligo reported the issues to Apple, which issued 17 CVEs and released patches in collaboration with Oligo.
Mitigation Recommendations:
- Update all Apple and AirPlay-enabled devices immediately.
- Disable AirPlay Receiver if not in use.
- Limit access using firewalls (block port 7000).
- Set AirPlay permissions to “Current User” only.
Security teams are urged to communicate these steps to employees to prevent exploitation of personal and corporate devices.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
