1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Millions of Apple AirPlay devices susceptible to 'AirBorne' zero-

    From TechnologyDaily@1337:1/100 to All on Wed Apr 30 12:45:07 2025
    Millions of Apple AirPlay devices susceptible to 'AirBorne' zero-click RCE attacks, so patch now

    Date:
    Wed, 30 Apr 2025 11:30:00 +0000

    Description:
    Oligo Security found and reported the flaws to Apple who patched them in late March 2025.

    FULL STORY ======================================================================Security
    researchers found dozens of flaws in Apple's AirPlay protocol Some of them allowed remote code execution attacks Apple has released patches addressing the flaws

    Apples AirPlay Protocol and AirPlay Software Development Kit (SDK) carried numerous vulnerabilities that could be abused to run remote code execution (RCE) attacks, man-in-the-middle (MitM) attacks, or denial of service (DoS) attacks. To make matters worse, some of these vulnerabilities could be used
    in zero-click attacks, meaning to pull it off - no interaction from the
    victim is required.

    Cybersecurity researchers Oligo Security found 23 flaws and collectively dubbed them AirBorne. Two of the flaws could be used in RCE attacks, which
    are now tracked as CVE-2025-24252, and CVE-2025-24132. There is also CVE-2025-24206, a user interaction bypass vulnerability that allows crooks to bypass Accept click requirements on AirPlay requests.

    "This means that an attacker can take over certain AirPlay-enabled devices
    and do things like deploy malware that spreads to devices on any local
    network the infected device connects to. This could lead to the delivery of other sophisticated attacks related to espionage, ransomware, supply-chain attacks, and more," Oligo warned. 'Vast and concerning'

    "Because AirPlay is a fundamental piece of software for Apple devices (Mac, iPhone, iPad, AppleTV, etc.) as well as third-party devices that leverage the AirPlay SDK, this class of vulnerabilities could have far-reaching impacts."

    The potential reach of AirBorne exploitation is vast and concerning, CyberInsider argues. The publication claims Apples wireless streaming
    protocol is critical to the companys ecosystem and is operating on 2.35 billion active devices all over the world.

    It argues that, in theory, a threat actor could compromise a MacBook at a coffee shop, and later use it as a steppingstone into an enterprise network, once the compromised device connects to the companys Wi-Fi.

    Apple has since fixed the flaws with iOS and iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4. The
    AirPlay audio SDK, the AirPlay video SDK, and the CarPlay Communication Plug-in have all been updated, as well.

    Via BleepingComputer You might also like Apple fixes dangerous iOS zero days after threats against targeted individuals Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/millions-of-apple-airplay-devices-susce ptible-to-airborne-zero-click-rce-attacks-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)