Do Son 
AirPlay, developed by Apple, is a proprietary protocol that allows users to wirelessly stream content from iOS devices to televisions or other displays. While originally intended for Apple’s own ecosystem, the protocol has since been adopted by tens of millions of third-party devices worldwide.
Recently, cybersecurity firm Oligo Security Research disclosed multiple vulnerabilities within the AirPlay protocol. These flaws, if exploited, could allow attackers to execute zero-click remote code execution. Although Apple had already addressed these vulnerabilities prior to the publication of the research, many third-party devices remain unpatched and thus exposed.
The potential consequences of these vulnerabilities are severe and include:
- Zero-click remote code execution
- One-click remote code execution
- Access control bypass and user interaction circumvention
- Arbitrary local file reading
- Leakage of sensitive information
- Man-in-the-middle (MitM) attacks
- Denial-of-service (DoS) attacks
Among the most critical flaws are CVE-2025-24252 and CVE-2025-24132. Successful exploitation enables zero-click remote code execution. These vulnerabilities are wormable, meaning they can propagate laterally across local networks, infecting additional devices without human interaction.
The attack vector has been collectively named AirBorne, comprising 24 distinct vulnerabilities, of which 17 have been assigned CVE identifiers. Affected devices include iPhones, iPads, Macs, Apple TVs, Vision Pro headsets, and vehicles equipped with Apple’s CarPlay system.
While Apple has already patched these vulnerabilities through updates to iOS, iPadOS, and macOS, the situation is more precarious for third-party devices. Many smart TVs and other non-Apple devices may no longer receive firmware updates from their manufacturers, leaving them indefinitely vulnerable. In the absence of vendor-issued patches, these flaws are likely to be weaponized.
For enterprises, the risk is significantly magnified. The abundance of devices within corporate networks increases the likelihood of widespread infection via lateral movement. Thus, immediate action is imperative: any device capable of being updated should be patched without delay.
Apple released fixes for these vulnerabilities on March 31, 2025, through updates to iOS, iPadOS, macOS, and related platforms. With most Apple devices now running newer, secure versions, Oligo Security Research proceeded to publish its findings. Users are strongly advised to check for system updates and upgrade to the latest available software to ensure protection.
