Overview

• Cybersecurity firm Oligo disclosed 23 vulnerabilities in Apple's AirPlay protocol and SDK, collectively named 'AirBorne,' enabling remote code execution and malware spread.
• Apple patched its devices and SDKs on March 31, but tens of millions of third-party AirPlay and CarPlay-enabled devices remain unpatched due to slow manufacturer updates.
• Exploitation requires attackers to be on the same Wi-Fi network, with public and poorly secured networks posing heightened risks for users and organizations.
• Potential attack outcomes include espionage, botnet creation, ransomware deployment, and stealthy malware propagation across networks.
• Oligo advises users to update Apple devices, restrict AirPlay access, and avoid connecting vulnerable devices to public Wi-Fi networks to mitigate risks.