Oligo has recently uncovered an alarming set of vulnerabilities that they’ve dubbed “AirBorne.” These vulnerabilities present serious risks to both Apple devices and autonomous third-party systems that leverage the AirPlay software development kit (SDK). These vulnerabilities facilitate zero- or one-click remote code execution (RCE). Privilege escalation attacks can directly allow attackers to bypass access control lists and user interactions to compromise user data or device functionality.
The AirBorne vulnerabilities enable local arbitrary file reads and information disclosures, as well as adversary-in-the-middle (AitM) attacks. In addition, they can cause denial-of-service (DoS) conditions, making it critical for users to patch their devices. The seriousness of these defects has led Oligo to recommend that all users install the most recent software patches as soon as possible.
Details of the Vulnerabilities
Among the other vulnerabilities found was CVE-2025-24132 and CVE-2025-30422, both patched in AirPlay audio SDK version 2.7.1. The patches further reach AirPlay video SDK 3.6.0.126 and the CarPlay Communication Plug-in R18.1.
Oligo highlights that attackers can take advantage of these vulnerabilities in five key ways. This would now allow them to gain control of any device that uses AirPlay. This affects not just Apple devices but third-party systems that use the AirPlay SDK.
“These vulnerabilities can be chained by attackers to potentially take control of devices that support AirPlay – including both Apple devices and third-party devices that leverage the AirPlay SDK,” – Uri Katz, Avi Lumelsky, and Gal Elbaz.
As of writing, operating systems including Windows, MacOS, and many flavors of Linux have patched these vulnerabilities. These are iOS 18.4, iPadOS 18.4 and macOS such as Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. Moreover, in parallel to iOS, tvOS 18.4 and visionOS 2.4 have rolled out these required patches.
Recommendations for Users
In light of these findings, Oligo recommends that users stay aware and take the initiative to ensure that software is updated. Both personal and corporate-owned devices should be updated immediately to reduce the threat level that these vulnerabilities present.
“Security leaders also need to provide clear communication to their employees that all of their personal devices that support AirPlay need to also be updated immediately,” – Oligo.
Organizations are especially advised to scrutinize their corporate Apple devices and any other machines that use AirPlay. Full exposure Immediate patching to the most up-to-date code versions are crucial to protect organizations against future exploits that result from these vulnerabilities.
“For organizations, it is imperative that any corporate Apple devices and other machines that support AirPlay are updated immediately to the latest software versions,” – Oligo.