Cybersecurity Threat Advisory: Apple AirPlay zero-day vulnerability


Researchers have discovered a critical vulnerability in Apple’s AirPlay protocol. It affects both Apple devices that support AirPlay and third-party devices that interface with it. The flaw can enable an attacker to fully take over a device without the user’s awareness. Review this Cybersecurity Threat Advisory to protect your Apple devices.

What is the threat?

The Apple AirPlay vulnerability presents a significant threat because it opens up many different attack vectors, the most notable of which include zero-click remote code execution (RCE), one-click RCE, access control list (ACL) bypass, local arbitrary file read, denial of service (DoS) and more. When chained together, the AirBorne flaws could allow an attacker on the same wireless or peer-to-peer network to fully hijack devices without any user interaction. The threat is present in all Apple devices that support AirPlay as well as IoT devices that use the AirPlay Software Development Kit (SDK).

Why is it noteworthy?

This vulnerability poses a significant risk because many Apple devices support AirPlay, including iPhones, iPads, Macs, Apple TVs, and other smart devices. Users utilize these devices daily in homes, offices, and enterprise environments, creating a large attack surface.

What is the exposure or risk?

This threat is concerning because it spreads wirelessly through peer-to-peer connections, allowing an attacker on the same local network to compromise a device without any user interaction and then move laterally to other nearby devices. This wireless, zero-interaction pathway means a single vulnerable device could be used to silently affect others nearby, increasing the risk of a wider compromise, especially in environments with multiple Apple devices.

What are the recommendations?

Barracuda recommends that you take these steps to mitigate your risk from this threat:

  • Update operating systems to these versions: iOS and iPadOS 18.4; macOS Sequoia 15.4, Ventura 13.7.5 and Sonoma 14.7.5; tvOS 18.4; visionOS 2.4.
  • Update third-party devices that use the AirPlay SDK: AirPlay Audio SDK 2.7.1, AirPlay Video SDK 6.0.126.
  • Disable AirPlay Receiver on devices if not in use.
  • Set “Allow AirPlay for” to “Current User” to reduce exposure, even though it won’t block all potential attacks.
  • Create firewall rules to limit or block AirPlay communication (port 7000 on Apple devices).
  • Establish a response procedure for AirPlay-based exploitation attempts, including steps to isolate affected devices, collect network traffic logs, and verify device patch levels.
  • Develop an Incident Response Plan that outlines procedures for identifying, containing, and remediating exploitation attempts related to the AirPlay vulnerability, and ensure that all relevant personnel are trained on their roles during a security incident.
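
The "verify device patch levels" step can be scripted against an asset inventory. The following is an added example, not Barracuda's or Apple's code: it compares reported OS versions with the fixed versions listed above, and the inventory, hostnames, function names and status labels are constructed for illustration. It assumes that release lines newer than those listed already include the fix.

```python
# Fixed versions as listed in this advisory. macOS is fixed per release line.
FIXED = {
    "iOS": {18: (18, 4, 0)},
    "iPadOS": {18: (18, 4, 0)},
    "tvOS": {18: (18, 4, 0)},
    "visionOS": {2: (2, 4, 0)},
    "macOS": {15: (15, 4, 0), 14: (14, 7, 5), 13: (13, 7, 5)},
}

def parse_version(text, width=3):
    """Turn '18.4' into (18, 4, 0); raises ValueError on non-numeric parts."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def patch_status(platform, version_text):
    """Return 'patched', 'vulnerable', 'no-fix-listed' or 'unknown'."""
    lines = FIXED.get(platform)
    if lines is None:
        return "unknown"  # e.g. third-party AirPlay SDK device: ask the vendor
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    major = version[0]
    if major > max(lines):
        return "patched"  # assumption: later release lines carry the fix
    if major not in lines:
        return "no-fix-listed"  # older line: the advisory names no fixed build
    return "patched" if version >= lines[major] else "vulnerable"

def triage(inventory):
    """Return (host, platform, version, status) rows needing action, worst first."""
    order = {"vulnerable": 0, "no-fix-listed": 1, "unknown": 2}
    rows = [(h, p, v, s) for h, p, v in inventory
            if (s := patch_status(p, v)) != "patched"]
    return sorted(rows, key=lambda row: (order[row[3]], row[0]))

# Constructed inventory: hostnames and versions are made up for illustration.
INVENTORY = [
    ("lobby-appletv", "tvOS", "18.3"),
    ("dev-mbp-01", "macOS", "14.7.5"),
    ("dev-mbp-02", "macOS", "13.7.4"),
    ("old-imac", "macOS", "12.7.6"),
    ("exec-iphone", "iOS", "18.4.1"),
    ("conf-speaker", "AirPlay SDK device", "unknown"),
]

if __name__ == "__main__":
    for host, platform, version, status in triage(INVENTORY):
        print(f"{status:14} {host:14} {platform} {version}")
```

Hosts reported as "no-fix-listed" or "unknown" are candidates for the other mitigations in the list, such as disabling AirPlay Receiver or blocking port 7000.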

Reference

For more in-depth information about the recommendations, please visit the following link:

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.