Crucial Notification for Apple AirPlay Users: Refresh Your Device and Adhere to These Instructions

Uncategorized Mihnea


Cybersecurity experts at Oligo have discovered 23 security weaknesses impacting Apple’s AirPlay functionality, which led Apple to release over a dozen remedies in reaction. These vulnerabilities, known collectively as “AirBorne,” present a considerable threat to Apple devices and third-party products utilizing the AirPlay Software Development Kit (SDK).

As stated in Oligo’s official blog, these weaknesses create opportunities for various cyberattacks, such as Zero-Click Remote Code Execution (RCE), Man-in-the-Middle (MitM) intrusions, and Denial of Service (DoS) incidents. Such exploits may enable cybercriminals to seize control of devices like iPhones, iPads, MacBooks, and even smart home products that connect through AirPlay.

Fortunately, Apple users can safeguard themselves with a few straightforward measures. Primarily, updating devices to the latest versions of macOS, iOS, iPadOS, and other Apple operating systems will fix the identified vulnerabilities. Apple has issued updates to address these concerns across several platforms, including:

– macOS Sequoia 15.4
– macOS Sonoma 14.7.5
– macOS Ventura 13.7.5
– iOS 18.4
– iPadOS 18.4
– iPadOS 17.7.6
– tvOS 18.4
– visionOS 2.4

In addition to performing updates, cybersecurity advisors suggest turning off AirPlay when it is not in use and restricting AirPlay access to only trusted devices. Users can also bolster security by modifying AirPlay settings to permit connections solely from the current user.

The AirBorne vulnerabilities could have enabled intruders to deploy malware, expropriate sensitive information, or commandeer control of the compromised devices. This danger transcended Apple’s ecosystem, jeopardizing third-party smart devices that are AirPlay compatible.

Oligo collaborated closely with Apple to pinpoint and rectify the issues, leading to the assignment of 17 Common Vulnerabilities and Exposures (CVEs). CVEs serve as unique identifiers for cataloging publicly disclosed cybersecurity vulnerabilities. Some of the recently issued CVEs include CVE-2025-24252 and CVE-2025-24206, which were recorded in the National Vulnerability Database on April 28, 2025.

For further detailed technical insights, users can consult Oligo’s comprehensive report on the AirBorne vulnerabilities.

SEE ALSO: Apple issues spyware attack alerts to affected users.