Particle.news

Download on the App Store

Critical AirPlay Vulnerabilities Leave Millions of Devices Exposed

Oligo researchers reveal 'AirBorne' flaws enabling zero-click attacks, with third-party devices likely to remain vulnerable for years despite Apple's patches.

Image
Image
Image
Image

Overview

  • Cybersecurity firm Oligo disclosed 23 vulnerabilities in Apple's AirPlay protocol and SDK, collectively named 'AirBorne,' enabling remote code execution and malware spread.
  • Apple patched its devices and SDKs on March 31, but tens of millions of third-party AirPlay and CarPlay-enabled devices remain unpatched due to slow manufacturer updates.
  • Exploitation requires attackers to be on the same Wi-Fi network, with public and poorly secured networks posing heightened risks for users and organizations.
  • Potential attack outcomes include espionage, botnet creation, ransomware deployment, and stealthy malware propagation across networks.
  • Oligo advises users to update Apple devices, restrict AirPlay access, and avoid connecting vulnerable devices to public Wi-Fi networks to mitigate risks.