@The DefendOps Diaries
//
Millions of Apple AirPlay-enabled devices are at risk due to the discovery of 23 critical vulnerabilities, collectively named "AirBorne." These vulnerabilities, found in Apple's AirPlay protocol and Software Development Kit (SDK), could allow attackers on the same Wi-Fi network to remotely execute code on vulnerable devices. This poses a significant threat, particularly to third-party devices that incorporate AirPlay, such as smart TVs, speakers, and CarPlay systems.
The vulnerabilities stem from flaws in Apple's implementation of the AirPlay protocol and SDK, which is used for streaming media between devices. A successful exploit could lead to zero-click or one-click remote code execution, bypassing access controls, and conducting man-in-the-middle attacks. This could enable attackers to take over devices, access sensitive files, and potentially steal data.
Apple has released patches to address the AirBorne vulnerabilities in its own products, including iPhones, iPads, MacBooks, Apple TVs, and the Vision Pro headset, however devices that use the software from third parties are still at risk. However, the potential for unpatched third-party devices to remain vulnerable for years is a major concern. Cybersecurity experts estimate that tens of millions of devices could be affected, highlighting the far-reaching impact of these newly discovered flaws.
Recommended read:
References :
- CyberInsider: ‘AirBorne’ Flaws Expose Apple Devices to Zero-Click RCE Attacks
- WIRED: Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi
- BleepingComputer: Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks
- www.bleepingcomputer.com: Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks
- cyberinsider.com: ‘AirBorne’ Flaws Expose Apple Devices to Zero-Click RCE Attacks
- bsky.app: Oligo security researchers have disclosed over two dozen vulnerabilities in the Apple AirPlay protocol and SDK. Collectively named AirBorne, the vulnerabilities can allow attackers on the same network to run malicious code on any Apple device that supports AirPlay.
- BleepingComputer: A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution.
- securityonline.info: AirBorne Exploits: Zero-Click Wormable RCE Hits Apple & IoT Devices
- The DefendOps Diaries: Explore AirBorne vulnerabilities in Apple's AirPlay, posing zero-click RCE threats to devices, and learn about mitigation measures.
- securityaffairs.com: AirBorne flaws can lead to fully hijack Apple devices
- securityonline.info: AirBorne Exploits: Zero-Click Wormable RCE Hits Apple & IoT Devices
- BleepingComputer: Mastodon mentions Flaws Expose Apple Devices to Zero-Click RCE Attacks
- www.oligo.security: Oligo Security blog post on AirBorne vulnerability.
- www.techradar.com: Millions of Apple AirPlay devices susceptible to 'AirBorne' zero-click RCE attacks, so patch now
- PCMag UK security: 'AirBorne' Flaw Exposes AirPlay Devices to Hacking: How to Protect Yourself
- Help Net Security: Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise AirPlay-enabled devices developed and sold by Apple and by other companies.
- Blog: New Apple zero-days go ‘AirBorne’
- bsky.app: Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks
- www.helpnetsecurity.com: Airplay-enabled devices open to attack via “AirBorne†vulnerabilities
- Blog: How to find Apple AirPlay devices on your network
- Risky.Biz: In other news: Marks & Spencer sends staff home after ransomware attack; China accuses US of hacking cryptography provider; AirBorne vulnerabilities impact Apple's AirPlay.
- Risky Business Media: The French government calls out Russian hacks for the first time, Marks & Spencer sends staff home after a ransomware attack, China accuses America of hacking a major cryptography provider, and AirBorne vulnerabilities impact Apple’s AirPlay.
- Risky Business Media: Risky Business #789 -- Apple's AirPlay vulns are surprisingly awful
- The Record: Millions of Apple Airplay-enabled devices can be hacked via Wi-Fi
- securityaffairs.com: Vulnerabilities in Apple’s AirPlay protocol and SDK exposed Apple and third-party devices to attacks, including remote code execution. Oligo Security found serious flaws, collectively tracked as AirBorne, in Apple’s AirPlay protocol and SDK, affecting Apple and third-party devices. Attackers can exploit the vulnerabilities to perform zero-/one-click RCE, bypass ACLs, read local files, steal data, and […]
- arstechnica.com: Millions of Apple AirPlay-Enabled Devices Can Be Hacked via Wi-Fi
- www.scworld.com: Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.
- securityaffairs.com: Vulnerabilities in Apple’s AirPlay protocol and SDK exposed Apple and third-party devices to attacks, including remote code execution. Oligo Security found serious flaws, collectively tracked as AirBorne, in Apple’s AirPlay protocol and SDK, affecting Apple and third-party devices. Attackers can exploit the vulnerabilities to perform zero-/one-click RCE, bypass ACLs, read local files, steal data, and […]
- www.pcmag.com: Apple rolled out a fix with iOS 18.4, but third-party AirPlay-compatible devices remain exposed. Researchers at cybersecurity firm Oligo have found major vulnerabilities in Apple's AirPlay protocol that allow hackers to breach compatible devices on the same Wi-Fi network.
- Malwarebytes: Apple AirPlay SDK devices at risk of takeover—make sure you update
- hackread.com: Billions of Apple Devices at Risk from “AirBorne†AirPlay Vulnerabilities
- PhoneArena - Articles: Millions of AirPlay-enabled devices are at risk of being attacked by "AirBorne" security threat
- The Hacker News: Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
Bill Mann@CyberInsider
//
Apple has released a series of critical security updates for its operating systems, including iOS 18.4 and macOS Sequoia 15.4. These updates address a total of 145 vulnerabilities, including several zero-day exploits that may have been actively exploited. Users of iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode are urged to update their devices immediately to safeguard against potential security threats. Notably, watchOS was missing from this patch lineup.
Apple pushed emergency updates targeting three zero-day vulnerabilities identified as CVE-2025-24200 (Accessibility) and CVE-2025-24201 (WebKit). These patches have been backported to older iOS and iPadOS versions, specifically 15.8.4 and 16.7.11, ensuring that users on older devices are also protected from these actively exploited flaws. The updates include fixes for bugs in WebKit, Siri, Safari, and libxpc, along with numerous other security enhancements, underscoring Apple's commitment to addressing security vulnerabilities across its product ecosystem.
Recommended read:
References :
- bsky.app: EMERGENCY UPDATES Apple pushed additional updates for 3 zero-days that may have been actively exploited. CVE-2025-24200 (Accessibility) additional patches, CVE-2025-24201 (WebKit) additional patches: - iOS and iPadOS 15.8.4 - iOS and iPadOS 16.7.11
- CyberInsider: Apple has issued a wide set of security updates, patching multiple zero-day vulnerabilities across its operating systems — including iOS, macOS, iPadOS, and Safari — and notably extended critical fixes to older software versions, addressing previously exploited flaws.
- isc.sans.edu: Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st)
- The Apple Post: Apple releases iOS 18.4 with Priority Notifications feature, Control Center updates, new emoji, more
- bsky.app: NEW SECURITY CONTENT - macOS Sequoia 15.4 - 131 bugs fixed macOS Sonoma 14.7.5 - 91 bugs fixed macOS Ventura 13.7.5 - 85 bugs fixed iOS and iPadOS 18.4 - 62 bugs fixed visionOS 2.4 - 38 bugs fixed iPadOS 17.7.6 - 38 bugs fixed tvOS 18.4 - 36 bugs fixed
- securityaffairs.com: Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that are available for the following devices:
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
- The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
Pierluigi Paganini@Security Affairs
//
Apple released a substantial set of security updates on March 31st, 2025, addressing a total of 145 vulnerabilities across its product ecosystem, including iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode. Notably absent from this update was watchOS. The updates included backported fixes for three actively exploited zero-day vulnerabilities, specifically targeting older iOS and iPadOS versions. These vulnerabilities had already been addressed in more recent versions a few weeks prior.
The most critical fix is for CVE-2025-24200, a vulnerability that allowed attackers to bypass USB Restricted Mode. This feature, introduced in 2018 to protect locked iDevices, could be disabled, potentially exposing user data. Another significant fix addresses CVE-2025-24201, a flaw in the WebKit engine that allowed malicious web content to escape Safari's sandbox. Additionally, macOS Ventura received a patch for CVE-2025-24085, a privilege escalation vulnerability in CoreMedia. These updates are now available for iOS versions 16.7.11 and 15.8.4, iPadOS versions 16.7.11 and 15.8.4, and macOS Ventura 13.7.5.
Recommended read:
References :
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- securityaffairs.com: Apple backported fixes for three actively exploited flaws to older devices
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
- The Hacker News: Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
- CyberInsider: Apple Backports Zero-Day Fixes to Older iOS and macOS Versions
- Full Disclosure: APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4
- Security | TechRepublic: Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities
Pierluigi Paganini@Security Affairs
//
Apple has released security updates to address actively exploited zero-day vulnerabilities impacting older iPhones and Macs. The patches aim to fix flaws that could allow malicious actors to elevate privileges or execute arbitrary code on affected devices. These updates address CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, and are now available for iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, iPadOS 16.7.11, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5.
The vulnerabilities include a use-after-free bug in the Core Media component (CVE-2025-24085), an authorization issue in the Accessibility component (CVE-2025-24200), and an out-of-bounds write issue in the WebKit component (CVE-2025-24201). Apple addressed the flaw in iOS 18.3.1, iPadOS 18.3.1, and 17.7.5, released on February 10, 2025. CVE-2025-24200 specifically allowed attackers with physical access to locked devices to disable USB Restricted Mode. Users of older devices, including iPhone 6s, iPhone 7, iPhone 8, iPhone X, iPad Air 2, and various iPad Pro models, are urged to update their systems to safeguard against potential threats.
Recommended read:
References :
- securityaffairs.com: Apple backported fixes for three actively exploited flaws to older devices
- The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
- BleepingComputer: Apple backports zero-day patches to older iPhones and Macs
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
|
|
FlagThis - #applesecurity