8com: ‘AirBorne’ security vulnerabilities: billions of Apple devices at risk

May 7, 2025

Security researchers at Oligo Security have discovered 23 security vulnerabilities in Apple AirPlay that expose billions of Apple devices to the risk of data theft and unauthorised access.

Security researchers at Oligo Security have discovered a total of 23 security vulnerabilities in AirPlay, Apple’s proprietary wireless streaming protocol, that could allow hackers on the same Wi-Fi network to take control of affected devices. The CVE-2025-24252 and CVE-2025-24132 vulnerabilities are particularly dangerous because they could enable worm attacks in which malware is automatically distributed across the network. This would allow attackers to inject spyware or ransomware, for example. In addition, the security researchers’ investigations revealed that many basic AirPlay commands were accessible without any major security precautions. The vulnerabilities often relate to the way the AirPlay software processes data in its proprietary “plist” file format.

The security researchers use one vulnerability, CVE-2025-24129, as an example to demonstrate how hackers could exploit the flaws. The AirPlay software does not sufficiently check the type of the data it receives in plist format. If it receives something other than what it expects, the programme can crash. Attackers can then exploit this and intercept communications by taking the place of the crashed device on the network.
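The missing check described above can be illustrated with a short Python sketch that validates every field's type before a handler touches it. This is an added example, not Apple's or Oligo's code; the key names, the schema and the `handle` function are hypothetical and the sample requests are constructed.

```python
import plistlib

# Hypothetical schema: key names and types are assumptions for illustration,
# not real AirPlay parameters.
SCHEMA = {"sessionName": str, "volume": float, "flags": int}


class PlistTypeError(ValueError):
    """Raised when a plist body does not match the expected structure."""


def parse_request(body: bytes) -> dict:
    """Parse a plist body and enforce the expected type of every field."""
    try:
        doc = plistlib.loads(body)
    except Exception as exc:  # malformed XML or binary plist
        raise PlistTypeError(f"not a valid plist: {exc}") from exc
    if not isinstance(doc, dict):
        raise PlistTypeError(f"top level is {type(doc).__name__}, expected dict")
    clean = {}
    for key, expected in SCHEMA.items():
        if key not in doc:
            raise PlistTypeError(f"missing key {key!r}")
        value = doc[key]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, expected):
            raise PlistTypeError(
                f"{key!r} is {type(value).__name__}, expected {expected.__name__}")
        clean[key] = value
    return clean  # keys outside the schema are dropped


def handle(body: bytes):
    """Reject a mistyped request with an error instead of crashing on it."""
    try:
        req = parse_request(body)
    except PlistTypeError as exc:
        return 400, str(exc)
    # Safe: sessionName is known to be a str and volume a float.
    return 200, f"{req['sessionName'].strip()} volume={req['volume']:.1f}"


# Constructed sample requests.
GOOD = plistlib.dumps({"sessionName": " Living Room ", "volume": 0.5, "flags": 1})
# An array where a string is expected: without the type check, the .strip()
# call in handle() would raise and take the service down.
BAD = plistlib.dumps({"sessionName": ["x"], "volume": 0.5, "flags": 1})

if __name__ == "__main__":
    print(handle(GOOD))
    print(handle(BAD))
```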

AirBorne affects billions of devices worldwide, from iPhones and Macs to third-party devices, including cars that use CarPlay. And this is precisely where the big problem lies: Apple has released a security update for its own devices and provided third-party vendors with fixes to address the security vulnerabilities in their software. However, not all manufacturers are responding with the necessary urgency, assuming it is even possible to update the devices without significant effort. This leads to another problem, because manufacturers not only have to make the updates available, but also have to get their customers to install them. And especially with devices that require more than a few clicks to update, the willingness to do so is often low.

If you want to be on the safe side, you should only use AirPlay on secure Wi-Fi networks. This also means refraining from using it on public networks.
