A newly disclosed set of vulnerabilities in Apple’s AirPlay protocol and SDK, dubbed “AirBorne,” could allow attackers to execute remote code, bypass user interaction, and launch zero-click exploits on millions of Apple and third-party devices.

The flaws were discovered by cybersecurity firm Oligo Security, which identified 23 security vulnerabilities in total.

The bugs affect a wide range of devices—including iPhones, iPads, Macs, Apple Vision Pro, and CarPlay systems—and were patched by Apple on March 31 through updates for iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4.

Among the most critical issues are CVE-2025-24252 and CVE-2025-24132, which enable wormable zero-click remote code execution (RCE) attacks. Another flaw, CVE-2025-24206, allows attackers to bypass the “Accept” prompt typically required for AirPlay connections, making it easier to launch stealth attacks when chained with other vulnerabilities.

While exploitation requires attackers to be on the same local network, via Wi-Fi or peer-to-peer links, the consequences are severe. According to Oligo, attackers could take control of devices and spread malware across local networks, potentially leading to espionage, ransomware, and supply chain attacks.

Given the 2.35 billion active Apple devices worldwide and millions more third-party gadgets that support AirPlay, the impact of these vulnerabilities is far-reaching. Oligo strongly urges organizations and users to immediately update their devices, disable AirPlay when not in use, and restrict access to trusted devices only.

