Cybersecurity firm Oligo has uncovered a series of critical vulnerabilities, collectively known as “AirBorne,” within Apple’s AirPlay system that could jeopardize billions of devices globally. AirPlay, a widely used technology for streaming audio and video among Apple devices and third-party products, has been found to contain 23 significant weaknesses that could enable hackers to take control of devices on the same Wi-Fi network.
In response to these alarming findings, Apple has rolled out updates to its devices and provided fixes to third-party manufacturers, urging them to implement these changes swiftly. However, many companies may not act promptly, leaving countless devices open to exploitation. The report details 17 unique security identifiers (CVEs) associated with these vulnerabilities, which include options for remote control without user interaction (Zero-Click Remote Code Execution – RCE), unauthorized access to file systems, theft of sensitive user data, and interception of communication, raising significant concerns for users.
Two of the critical vulnerabilities identified—CVE-2025-24252 and CVE-2025-24132—expose the potential for wormable attacks that could propagate malicious software throughout connected networks. This could result in severe ramifications such as unauthorized surveillance and ransomware attacks, impacting millions of Apple and third-party AirPlay devices, including those integrated into vehicles through CarPlay.
Oligo’s technical demonstrations illustrated how Zero-Click RCE could function on macOS under specific network configurations, enabling malware to leverage these vulnerabilities to infiltrate systems easily. The security research additionally found that many fundamental AirPlay commands lack sufficient security protections. For instance, the handling of data formats known as “plist” could lead to confusion vulnerabilities, allowing attackers to crash devices and impersonate them on the network, thereby intercepting private communications.
Following the release of their comprehensive report on April 29, 2025, Oligo is urging users and relevant organizations to immediately upgrade their devices. Users are advised to disable AirPlay when not in use and restrict its access on their networks to mitigate potential risks.
Cybersecurity expert and Head of Business Product at NordPass, Karolis Arbaciauskas, emphasized that many third-party devices relying on AirPlay may not receive timely updates, leaving them vulnerable. He also highlighted the importance of securing home Wi-Fi networks with strong passwords and updated security measures to prevent unauthorized access. Arbaciauskas recommended avoiding usage of AirPlay in public spaces and utilizing VPNs for safer connections.