Full Report
Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo. "These vulnerabilities can be chained by
Analysis Summary
# Vulnerability: Wormable AirPlay Flaws Enabling Zero-Click RCE (AirBorne)
## CVE Details
The article mentions several CVEs, but does not explicitly list their CVSS scores or CWEs.
- CVE ID: CVE-2025-24252, CVE-2025-24132, CVE-2025-24271, CVE-2025-24137, CVE-2025-24206, CVE-2025-24270, CVE-2025-24251, CVE-2025-31197, CVE-2025-30445, CVE-2025-31203
- CVSS Score: N/A
- CWE: N/A (Specific vulnerability types such as an access control list (ACL) issue, stack-based buffer overflow, type confusion, integer overflow, and authentication bypass are mentioned for specific CVEs)
## Affected Systems
- **Products:** Apple devices and third-party devices leveraging the AirPlay SDK that support the AirPlay protocol.
- **Versions:** Details not specified in the provided text, but noted as being patched.
- **Configurations:** Exploitation is particularly relevant when the AirPlay receiver is set to "Anyone on the same network" or "Everyone."
## Vulnerability Description
**AirBorne** is the codename for a set of vulnerabilities affecting Apple's AirPlay protocol. These flaws can be chained to achieve zero-click Remote Code Execution (RCE) on affected devices connected to the same network as the attacker. Specific flaws include:
* **CVE-2025-24252 & CVE-2025-24132:** Chaining these can lead to wormable zero-click RCE, allowing malware propagation across a network.
* **CVE-2025-24271:** Allows an attacker on the same network to send AirPlay commands to a signed-in Mac without pairing (ACL bypass).
* **CVE-2025-24132:** A stack-based buffer overflow leading to zero-click RCE on speakers/receivers using the AirPlay SDK.
* **Other Flaws:** Include authentication bypass (CVE-2025-24206), local arbitrary file read, information disclosure (CVE-2025-24270), Denial of Service (DoS) via integer overflow (CVE-2025-31203), and application termination due to various memory/logic errors.
## Exploitation
- **Status:** Potential for wormable zero-click RCE and various other attacks identified. The article implies these are now patched, suggesting they were likely discovered pre-exploit or responsibly disclosed.
- **Complexity:** Zero-click RCE indicates **Low** complexity for initial access via chaining.
- **Attack Vector:** **Network** (requires local network presence).
## Impact
- **Confidentiality:** Medium to High (Information disclosure, potential backdoor placement).
- **Integrity:** High (Remote Code Execution, ransomware deployment).
- **Availability:** Medium (Denial-of-Service conditions possible).
## Remediation
### Patches
The article states the identified vulnerabilities **have been patched** in subsequent software/firmware updates (versions not explicitly listed in the provided snippet). Users are advised to check official Apple advisories for the corresponding patches for macOS and other affected devices/SDKs.
### Workarounds
No specific workarounds are detailed in the provided text, other than the necessary configuration modification:
* Where the option is available, change the AirPlay receiver setting to something other than "Anyone on the same network" or "Everyone". This mitigates only the RCE chains that depend on this setting.
## Detection
- **Indicators of Compromise:** Not explicitly detailed, but generally look for unexpected AirPlay connection attempts, unauthorized device interactions, or unusual network propagation behavior.
- **Detection Methods and Tools:** N/A (No specific IOCs or tools mentioned in the summary text).
## References
- Vendor advisories (Implied, accessible via the link below).
- Relevant links - defanged: hxxps://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html