Researchers find numerous Apple AirPlay vulnerabilities allowing "wormable" exploits over Wi-Fi

In brief: Security researchers have uncovered a wide-ranging set of vulnerabilities in Apple's AirPlay protocol that could allow attackers to hijack Apple and third-party devices remotely without user interaction. The exploit chain, dubbed "AirBorne," includes 23 individual bugs – 17 with official CVEs – and enables zero-click remote code execution on vulnerable systems. Cybersecurity firm Oligo identified several "critical" flaws in Apple's native AirPlay protocol and the AirPlay Software Development Kit (SDK) used by audio and automotive manufacturers. While Apple has patched its platforms, many third-party devices remain exposed due to slow OEM update cycles. Oligo estimates that tens of millions of speakers, TVs, and CarPlay-enabled systems could still be vulnerable. AirBorne is particularly dangerous due to its support for "wormable" exploits – attacks that can spread automatically between devices on the same network without user interaction. A critical flaw (CVE-2025-24252), co ... Read full article.