Apple AirPlay SDK Devices Vulnerable to Unauthorized Access—Urgent Update Required

Researchers have identified a series of vulnerabilities within Apple’s AirPlay SDK that pose significant risks to billions of users, potentially allowing unauthorized control of their devices.

AirPlay is Apple’s proprietary wireless protocol designed to facilitate the streaming of audio, video, photos, and screen mirroring from iPhones, iPads, or Macs to compatible devices such as Apple TV, HomePod, and other smart devices. The technology operates over Wi-Fi, eliminating the need for physical connections.

To address these vulnerabilities, Apple released updates on April 28, enhancing the security measures initially provided in the March 31 update, specifically for iOS 18.4 and iPadOS 18.4. This initial release was augmented by Rapid Security Responses (RSR), which are minor patches that Apple deploys between regularly scheduled updates.

For individuals who applied the March 31 update, their systems are likely secure; however, it is advisable for all users to verify the availability of updates. To ensure you are using the latest version, navigate to Settings > General > Software Update and confirm that your device is running iOS 18.4.1 or iPadOS 18.4.1. Enabling Automatic Updates on this screen is also recommended.

The most recent macOS version is 15.4.1, while tvOS and watchOS updates stand at 18.4.1 and 11.4 respectively. The latest version for visionOS is 2.4.1.

The AirPlay SDK serves as a toolkit that allows developers to integrate streaming functionalities into their applications seamlessly. By utilizing this SDK, applications can facilitate the wireless streaming of content to AirPlay-compatible devices without cumbersome setup for users.

The disclosed vulnerabilities enable an attacker on the same local network to potentially hijack AirPlay-supporting devices, including both Apple and third-party devices utilizing the AirPlay SDK.

Researchers caution that these vulnerabilities can be exploited with little to no user interaction, allowing attackers to execute remote code. They can also facilitate man-in-the-middle attacks, denial-of-service disruptions, and bypass user access controls, resulting in unauthorized access to sensitive data and local files. Given the severity of these risks, immediate action is required to mitigate potential impacts.

In total, the researchers disclosed 23 vulnerabilities to Apple, resulting in the issuance of 17 Common Vulnerabilities and Exposures (CVEs). A comprehensive enumeration and description of these CVEs, along with the specific attack vectors they enable, can be accessed through dedicated cybersecurity resources.

Among the most critical vulnerabilities are:

– CVE-2025-24252: A use-after-free vulnerability that enables a remote attacker to execute arbitrary code. When exploited with CVE-2025-24206, this vulnerability allows for zero-click remote code execution on other vulnerable AirPlay devices within the same network, earning a CVSSv3.1 score of 9.8 out of 10.

– CVE-2025-24206: This vulnerability permits attackers to bypass authentication and conduct unauthorized activities without needing user interaction when combined with other vulnerabilities.

– CVE-2025-24132: This stack-based buffer overflow vulnerability could enable zero-click remote code execution on vulnerable AirPlay devices and allow potential leakage of sensitive information through eavesdropping.

While the attacker must be on the same network to exploit these vulnerabilities, the required interaction with the targeted devices is minimal.

Mitigation Strategies

To reduce the risk of exploitation, users are encouraged to follow general guidelines tailored to the types of devices they are using:

– Ensure that all devices are running the latest software updates.
– Utilize reputable malware protection solutions to secure devices.
– Disable AirPlay if not in use, or configure it to prompt user interaction as a minimum safeguard.
– Disable the AirPlay Receiver when not in operation.
– Exercise caution on public networks, as vulnerabilities can proliferate in crowded environments such as airports or hotels. It is advisable to avoid unsecured Wi-Fi in these settings.
– Restrict AirPlay access by modifying settings to allow usage only for the current user, thereby minimizing the attack surface.

Staying informed about security updates and implementing protective measures is essential in safeguarding against the evolving landscape of cybersecurity threats.