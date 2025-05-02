A major security alert has been issued for Apple users, with cybersecurity firm Oligo revealing 23 critical vulnerabilities in the AirPlay feature.

The flaw, dubbed ‘AirBorne’, could allow hackers on the same Wi-Fi network to hijack devices, install malware, and potentially spread attacks across entire networks.

While Apple has patched the vulnerabilities in its own devices with updates released on March 31, the wider threat lies in third-party AirPlay-compatible gadgets such as smart TVs, speakers, and receivers, many of which remain unpatched. Oligo warns that tens of millions of these devices could still be exploited.

“Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch – or they will never be patched,” said Oligo CTO Gal Elbaz.

The AirBorne flaws can allow attackers to remotely execute code, crash systems, access private data, and even activate microphones for eavesdropping, all without user interaction.

The exploits require the attacker to be on the same Wi-Fi network, making public hotspots like cafés, airports and offices high-risk environments.

Among the affected systems is Apple’s CarPlay, although those attacks require physical access via USB or Bluetooth, making them less likely.

Apple has confirmed that the bugs affecting iPhones, iPads, Macs, and Vision Pro have been addressed. However experts urge users to not only update all Apple devices immediately, but also disable AirPlay when not in use to reduce exposure.

Oligo initially discovered the vulnerabilities last year and worked with Apple to deploy fixes. But for third-party devices, users are advised to check with manufacturers for updates if they exist.