A significant security threat has emerged for users of Apple's popular AirPlay streaming protocol. Cybersecurity researchers have uncovered a collection of vulnerabilities that could allow hackers to remotely execute malicious code on affected devices, potentially compromising millions of Apple and third-party products worldwide.
The 'AirBorne' Vulnerability Explained
Cybersecurity firm Oligo has discovered a series of critical security flaws in Apple's AirPlay protocol and its Software Development Kit (SDK). Dubbed AirBorne, these vulnerabilities allow attackers on the same local network to hijack AirPlay-enabled devices without requiring any user interaction. This zero-click attack vector works across a wide range of products, from Apple's own devices to third-party speakers, TVs, receivers, and other AirPlay-compatible gadgets. The attack can be executed on any shared network, including home networks, workplaces, and public Wi-Fi hotspots at airports, cafes, or hotels.
How The Attack Works
The AirBorne vulnerability operates exclusively on local networks, requiring the attacker to be connected to the same network as the target device. Once connected, hackers can exploit the flaws to inject malware, execute malicious code, or perform other types of attacks such as Man-in-the-middle (MITM) or Denial of Service (DoS). On Mac computers, attackers could potentially gain complete control and run harmful programs. For connected devices with microphones, like smart speakers, hackers could remotely activate the microphone to eavesdrop on conversations or take over audio playback functionality. Oligo demonstrated this capability by remotely executing code on a Bose speaker, displaying the AirBorne logo on its screen.
Apple's Response and Patches
After being alerted by Oligo researchers in late 2024, Apple worked closely with the cybersecurity firm to address the vulnerabilities. Apple has since released patches for its devices through software updates on March 31, 2025. These updates include iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4. Users are strongly encouraged to update their Apple devices immediately to protect against potential exploitation.
 |
|---|
| Settings for AirDrop & Handoff on macOS, illustrating how to disable the AirPlay Receiver option |
Third-Party Devices Remain at Risk
While Apple has patched its own devices, the more concerning issue involves the tens of millions of third-party AirPlay-compatible devices that remain vulnerable. These include smart TVs, speakers, receivers, and other gadgets that support the AirPlay protocol. Unlike Apple's devices, which can receive centralized updates, these third-party products may not receive timely security patches, if at all. This creates a significant security gap that could persist for years as manufacturers may be slow to address the vulnerabilities or might never issue updates for older products.
CarPlay Also Affected
The security researchers noted that Apple's CarPlay feature is also exposed to these vulnerabilities. Vehicles with CarPlay units are particularly at risk if they use default, predictable, or known Wi-Fi hotspot passwords. This extends the potential attack surface to millions of vehicles worldwide, adding another dimension to the security concern.
How to Protect Your Devices
To minimize risk from the AirBorne vulnerability, users should take several precautionary measures. First and foremost, update all Apple devices to the latest software versions immediately. For third-party AirPlay-compatible devices, check for and install any available firmware updates. When not actively using AirPlay, disable the feature entirely—on Mac computers, this can be done through System Settings > AirDrop & Handoff by turning off the AirPlay Receiver option.
Additional Security Recommendations
Security experts recommend limiting AirPlay streaming to trusted devices only and configuring settings to allow AirPlay only for the current user rather than everyone on the network. On Mac computers, this setting can be adjusted in System Settings > General > AirDrop & Handoff, by changing the Allow AirPlay For dropdown to Current User. Most importantly, users should avoid using AirPlay on public Wi-Fi networks altogether, as these present the highest risk of exploitation.
The discovery of the AirBorne vulnerability serves as a reminder of the security challenges inherent in widely adopted wireless protocols. As connected devices continue to proliferate in homes and workplaces, the potential attack surface expands, making regular security updates and cautious network practices increasingly important for everyday users.