Luki w zabezpieczeniach AirPlay i CarPlay

Title: Millions of AirPlay devices are hackable over Carplay and Wi-Fi URL Source: https://www.perplexity.ai/page/millions-of-airplay-devices-ar-2280aDnoSd6LU4SwArTKUQ Markdown Content: Millions of AirPlay devices are hackable over Carplay and Wi-Fi A critical set of security vulnerabilities dubbed "AirBorne" has exposed billions of Apple and third-party devices using AirPlay and CarPlay to potential hacking over Wi-Fi networks, as reported by security researchers at Oligo Security. ![Image 1: User avatar](https://imagedelivery.net/MPdwyYSWT8IY7lxgN3x3Uw/60a62cd2-f597-4ace-4da6-90b3ddd76300/thumbnail) Curated by dailyed 3 min read Published 12 hours ago 10,602 395 +17 sources pinterest.com Vulnerability Scope and Impact The AirBorne vulnerabilities affect an extensive range of devices, including all Apple products that support AirPlay (iPhones, iPads, Macs, Apple TVs) and tens of millions of third-party AirPlay-enabled products such as smart speakers, TVs, receivers, and car infotainment systems.[1](https://9to5mac.com/2025/04/29/millions-of-airplay-devices-can-be-hacked-over-wi-fi-carplay-too/)[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/)[3](https://cybersecuritynews.com/airplay-zero-click-rce-vulnerability/amp/) According to Oligo Security, over 2.35 billion active Apple devices and numerous IoT products are potentially exposed.[4](https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/) These flaws allow attackers on the same Wi-Fi network to execute zero-click remote code execution attacks without requiring any user interaction.[5](https://www.tomsguide.com/computing/malware-adware/airplay-flaw-exposes-all-apple-devices-to-hacking-over-wi-fi-what-you-need-to-know)[6](https://appleinsider.com/articles/25/04/29/hackers-could-hijack-airplay-carplay-devices-using-set-of-airborne-flaws) Some vulnerabilities are "wormable," meaning malware can automatically spread between vulnerable devices on a network.[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/)[7](http://www.myapplemenu.com/2025/04/29/) The impact extends to various attack capabilities including bypassing access controls, reading local files, leaking sensitive information, causing denial-of-service conditions, and performing man-in-the-middle attacks.[8](https://www.zdnet.com/article/update-your-iphone-now-to-patch-a-carplay-glitch-and-two-serious-security-flaws/)[9](https://www.linkedin.com/posts/nicoleperlroth_millions-of-apple-airplay-enabled-devices-activity-7323041626262507521-clZg) CarPlay units face particular risks via Wi-Fi (especially with weak passwords), Bluetooth, and even USB connections, potentially allowing attackers to manipulate vehicle infotainment systems.[6](https://appleinsider.com/articles/25/04/29/hackers-could-hijack-airplay-carplay-devices-using-set-of-airborne-flaws)[10](https://support.apple.com/en-us/122403) 20 sources Technical Attack Vectors The vulnerabilities in Apple's AirPlay protocol stem from improper validation and open-access design, particularly in how it handles property lists (plists) and exposes commands over networks.[1](https://9to5mac.com/2025/04/29/millions-of-airplay-devices-can-be-hacked-over-wi-fi-carplay-too/) These security flaws enable sophisticated attack vectors that don't require user interaction to execute. Attackers can exploit these vulnerabilities to achieve zero-click or one-click remote code execution, effectively taking complete control of targeted devices.[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/)[3](https://cybersecuritynews.com/airplay-zero-click-rce-vulnerability/amp/) Specific technical attack paths include: * Exploitation of the AirPlay protocol's authentication mechanisms * Manipulation of AirPlay's property list handling * Bypassing access control lists (ACLs) designed to restrict device access * Leveraging wormable characteristics to propagate malware across networks[4](https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/)[5](https://www.tomsguide.com/computing/malware-adware/airplay-flaw-exposes-all-apple-devices-to-hacking-over-wi-fi-what-you-need-to-know) * Targeting port 7000, which AirPlay commonly uses for communication[6](https://appleinsider.com/articles/25/04/29/hackers-could-hijack-airplay-carplay-devices-using-set-of-airborne-flaws) When successful, these exploits allow attackers to read local files, extract sensitive information, crash devices through denial-of-service attacks, or perform man-in-the-middle operations to intercept communications between devices.[7](http://www.myapplemenu.com/2025/04/29/)[8](https://www.zdnet.com/article/update-your-iphone-now-to-patch-a-carplay-glitch-and-two-serious-security-flaws/) 20 sources Real-World Exploitation Scenarios Public Wi-Fi networks present a prime attack surface for AirBorne exploits, where attackers could compromise vulnerable devices at locations like airports or hotels, then use them as launchpads for further attacks when those devices connect to corporate or home networks.[1](https://9to5mac.com/2025/04/29/millions-of-airplay-devices-can-be-hacked-over-wi-fi-carplay-too/)[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/) The vulnerabilities pose significant risks to smart home ecosystems and automotive systems in particular. In smart home environments, infected speakers or TVs could be weaponized for surveillance, ransomware distribution, or supply-chain attacks, with devices containing microphones potentially being repurposed for eavesdropping.[3](https://cybersecuritynews.com/airplay-zero-click-rce-vulnerability/amp/)[4](https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/) For automotive applications, an estimated 800+ car models with wireless CarPlay functionality remain vulnerable to proximity-based attacks, potentially allowing hackers to manipulate infotainment systems, eavesdrop on in-car conversations, or even track vehicle locations.[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/)[5](https://www.tomsguide.com/computing/malware-adware/airplay-flaw-exposes-all-apple-devices-to-hacking-over-wi-fi-what-you-need-to-know) 20 sources Mitigation Recommendations Users should immediately install the latest updates for all Apple and AirPlay-enabled devices to protect against the AirBorne vulnerabilities. For enhanced security, disabling AirPlay receiver functionality on devices where it's not needed is recommended, along with restricting AirPlay access to trusted devices and implementing firewall rules to block port 7000[1](https://9to5mac.com/2025/04/29/millions-of-airplay-devices-can-be-hacked-over-wi-fi-carplay-too/)[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/). Additional protective measures include configuring AirPlay permissions to "Current User" instead of "Everyone" to reduce exposure, and strengthening Wi-Fi security with robust, unique passwords-particularly for CarPlay and smart home devices[3](https://cybersecuritynews.com/airplay-zero-click-rce-vulnerability/amp/)[1](https://9to5mac.com/2025/04/29/millions-of-airplay-devices-can-be-hacked-over-wi-fi-carplay-too/). While Apple has patched its own products in recent software updates, many third-party AirPlay-enabled devices, especially older models, may remain permanently vulnerable due to fragmented or non-existent update mechanisms[4](https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/)[5](https://www.tomsguide.com/computing/malware-adware/airplay-flaw-exposes-all-apple-devices-to-hacking-over-wi-fi-what-you-need-to-know). 20 sources Related What immediate actions should I take to secure my AirPlay devices How can I identify if my AirPlay devices are affected by the AirBorne vulnerabilities Are there any recommended best practices for securing AirPlay devices in the future How effective are the latest updates in patching these vulnerabilities What steps can developers take to ensure their AirPlay-enabled products are secure Keep Reading [![Image 2: VisionPro's 'Gazeploit' Vulnerability](https://pplx-res.cloudinary.com/image/upload/t_thumbnail/v1726373941/server_uploads/wvyaoob4wwxbghs1vyvd.jpg) VisionPro's 'Gazeploit' Vulnerability According to recent reports, Apple has patched a significant security vulnerability in its Vision Pro mixed reality headset called "GAZEploit," which allowed attackers to potentially infer users' typed information, including passwords and messages, by analyzing their virtual avatars' eye movements during video calls. 11,699](https://www.perplexity.ai/page/visionpro-s-gazeploit-vulnerab-KHUJ92w4RdGnq3E.aI0glw)[![Image 3: Apple Chip Security Flaws](https://pplx-res.cloudinary.com/image/upload/t_thumbnail/v1738124596/url_uploads/Apple-WWDC22-M2-chip-hero-220606.jpg.og_muvpjp.png) Apple Chip Security Flaws According to recent reports from security researchers, two new vulnerabilities named SLAP and FLOP have been discovered in Apple's latest M-series and A-series chips, potentially allowing attackers to steal sensitive data like browsing history and credit card information from Safari and Chrome browsers on affected devices. 18,043](https://www.perplexity.ai/page/apple-chip-security-flaws-fnnp9Q3DRb28GqNvZP0Bzw)[![Image 4: iOS 18.4 CarPlay Issues](https://pplx-res.cloudinary.com/image/fetch/s--z3DsAtAV--/t_thumbnail/https://static1.howtogeekimages.com/wordpress/wp-content/uploads/2025/01/2023_civic_typer_0029_01.jpg) iOS 18.4 CarPlay Issues According to multiple reports from iPhone users, the recent iOS 18.4 update has caused widespread issues with Apple CarPlay functionality, including connectivity problems, missing dashboard information, and app integration bugs across various car models. 4,714](https://www.perplexity.ai/page/ios-18-4-carplay-issues-F8Iow4AsQaqKS62vnuTFVw)[![Image 5: Apple issues urgent security updates for iPhone and Mac users](https://pplx-res.cloudinary.com/image/fetch/s--b0GKeDbO--/t_thumbnail/https://www.macworld.com/wp-content/uploads/2023/07/ios-16.5.1a-update-16.jpg%3Fquality%3D50%26strip%3Dall) Apple issues urgent security updates for iPhone and Mac users Apple has released critical security updates across its devices to patch two zero-day vulnerabilities that were exploited in "extremely sophisticated" targeted attacks, as reported by Engadget. The updates for iOS 18.4.1, macOS Sequoia 15.4.1, and other Apple operating systems address serious flaws in CoreAudio and RPAC components that could allow attackers to execute malicious code or bypass security protections. 13,092](https://www.perplexity.ai/page/apple-issues-urgent-security-u-cuZdAa2LSAiwgk87J3hQ6A)

Title: Millions of AirPlay devices are hackable over Carplay and Wi-Fi

URL Source: https://www.perplexity.ai/page/millions-of-airplay-devices-ar-2280aDnoSd6LU4SwArTKUQ

Markdown Content:
Millions of AirPlay devices are hackable over Carplay and Wi-Fi

A critical set of security vulnerabilities dubbed "AirBorne" has exposed billions of Apple and third-party devices using AirPlay and CarPlay to potential hacking over Wi-Fi networks, as reported by security researchers at Oligo Security.

![Image 1: User avatar](https://imagedelivery.net/MPdwyYSWT8IY7lxgN3x3Uw/60a62cd2-f597-4ace-4da6-90b3ddd76300/thumbnail)

Curated by

dailyed

3 min read

Published

12 hours ago

10,602

395

+17 sources

pinterest.com

Vulnerability Scope and Impact

The AirBorne vulnerabilities affect an extensive range of devices, including all Apple products that support AirPlay (iPhones, iPads, Macs, Apple TVs) and tens of millions of third-party AirPlay-enabled products such as smart speakers, TVs, receivers, and car infotainment systems.[1](https://9to5mac.com/2025/04/29/millions-of-airplay-devices-can-be-hacked-over-wi-fi-carplay-too/)[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/)[3](https://cybersecuritynews.com/airplay-zero-click-rce-vulnerability/amp/) According to Oligo Security, over 2.35 billion active Apple devices and numerous IoT products are potentially exposed.[4](https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/)

These flaws allow attackers on the same Wi-Fi network to execute zero-click remote code execution attacks without requiring any user interaction.[5](https://www.tomsguide.com/computing/malware-adware/airplay-flaw-exposes-all-apple-devices-to-hacking-over-wi-fi-what-you-need-to-know)[6](https://appleinsider.com/articles/25/04/29/hackers-could-hijack-airplay-carplay-devices-using-set-of-airborne-flaws) Some vulnerabilities are "wormable," meaning malware can automatically spread between vulnerable devices on a network.[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/)[7](http://www.myapplemenu.com/2025/04/29/) The impact extends to various attack capabilities including bypassing access controls, reading local files, leaking sensitive information, causing denial-of-service conditions, and performing man-in-the-middle attacks.[8](https://www.zdnet.com/article/update-your-iphone-now-to-patch-a-carplay-glitch-and-two-serious-security-flaws/)[9](https://www.linkedin.com/posts/nicoleperlroth_millions-of-apple-airplay-enabled-devices-activity-7323041626262507521-clZg) CarPlay units face particular risks via Wi-Fi (especially with weak passwords), Bluetooth, and even USB connections, potentially allowing attackers to manipulate vehicle infotainment systems.[6](https://appleinsider.com/articles/25/04/29/hackers-could-hijack-airplay-carplay-devices-using-set-of-airborne-flaws)[10](https://support.apple.com/en-us/122403)

20 sources

Technical Attack Vectors

The vulnerabilities in Apple's AirPlay protocol stem from improper validation and open-access design, particularly in how it handles property lists (plists) and exposes commands over networks.[1](https://9to5mac.com/2025/04/29/millions-of-airplay-devices-can-be-hacked-over-wi-fi-carplay-too/) These security flaws enable sophisticated attack vectors that don't require user interaction to execute. Attackers can exploit these vulnerabilities to achieve zero-click or one-click remote code execution, effectively taking complete control of targeted devices.[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/)[3](https://cybersecuritynews.com/airplay-zero-click-rce-vulnerability/amp/)

Specific technical attack paths include:

*   Exploitation of the AirPlay protocol's authentication mechanisms
    
*   Manipulation of AirPlay's property list handling
    
*   Bypassing access control lists (ACLs) designed to restrict device access
    
*   Leveraging wormable characteristics to propagate malware across networks[4](https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/)[5](https://www.tomsguide.com/computing/malware-adware/airplay-flaw-exposes-all-apple-devices-to-hacking-over-wi-fi-what-you-need-to-know)
    
*   Targeting port 7000, which AirPlay commonly uses for communication[6](https://appleinsider.com/articles/25/04/29/hackers-could-hijack-airplay-carplay-devices-using-set-of-airborne-flaws)

When successful, these exploits allow attackers to read local files, extract sensitive information, crash devices through denial-of-service attacks, or perform man-in-the-middle operations to intercept communications between devices.[7](http://www.myapplemenu.com/2025/04/29/)[8](https://www.zdnet.com/article/update-your-iphone-now-to-patch-a-carplay-glitch-and-two-serious-security-flaws/)

20 sources

Real-World Exploitation Scenarios

Public Wi-Fi networks present a prime attack surface for AirBorne exploits, where attackers could compromise vulnerable devices at locations like airports or hotels, then use them as launchpads for further attacks when those devices connect to corporate or home networks.[1](https://9to5mac.com/2025/04/29/millions-of-airplay-devices-can-be-hacked-over-wi-fi-carplay-too/)[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/) The vulnerabilities pose significant risks to smart home ecosystems and automotive systems in particular.

In smart home environments, infected speakers or TVs could be weaponized for surveillance, ransomware distribution, or supply-chain attacks, with devices containing microphones potentially being repurposed for eavesdropping.[3](https://cybersecuritynews.com/airplay-zero-click-rce-vulnerability/amp/)[4](https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/) For automotive applications, an estimated 800+ car models with wireless CarPlay functionality remain vulnerable to proximity-based attacks, potentially allowing hackers to manipulate infotainment systems, eavesdrop on in-car conversations, or even track vehicle locations.[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/)[5](https://www.tomsguide.com/computing/malware-adware/airplay-flaw-exposes-all-apple-devices-to-hacking-over-wi-fi-what-you-need-to-know)

20 sources

Mitigation Recommendations

Users should immediately install the latest updates for all Apple and AirPlay-enabled devices to protect against the AirBorne vulnerabilities. For enhanced security, disabling AirPlay receiver functionality on devices where it's not needed is recommended, along with restricting AirPlay access to trusted devices and implementing firewall rules to block port 7000[1](https://9to5mac.com/2025/04/29/millions-of-airplay-devices-can-be-hacked-over-wi-fi-carplay-too/)[2](https://securityonline.info/airborne-exploits-zero-click-wormable-rce-hits-apple-iot-devices/).

Additional protective measures include configuring AirPlay permissions to "Current User" instead of "Everyone" to reduce exposure, and strengthening Wi-Fi security with robust, unique passwords-particularly for CarPlay and smart home devices[3](https://cybersecuritynews.com/airplay-zero-click-rce-vulnerability/amp/)[1](https://9to5mac.com/2025/04/29/millions-of-airplay-devices-can-be-hacked-over-wi-fi-carplay-too/). While Apple has patched its own products in recent software updates, many third-party AirPlay-enabled devices, especially older models, may remain permanently vulnerable due to fragmented or non-existent update mechanisms[4](https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/)[5](https://www.tomsguide.com/computing/malware-adware/airplay-flaw-exposes-all-apple-devices-to-hacking-over-wi-fi-what-you-need-to-know).

20 sources

What immediate actions should I take to secure my AirPlay devices

How can I identify if my AirPlay devices are affected by the AirBorne vulnerabilities

Are there any recommended best practices for securing AirPlay devices in the future

How effective are the latest updates in patching these vulnerabilities

What steps can developers take to ensure their AirPlay-enabled products are secure

Keep Reading

[![Image 2: VisionPro's 'Gazeploit' Vulnerability](https://pplx-res.cloudinary.com/image/upload/t_thumbnail/v1726373941/server_uploads/wvyaoob4wwxbghs1vyvd.jpg) VisionPro's 'Gazeploit' Vulnerability According to recent reports, Apple has patched a significant security vulnerability in its Vision Pro mixed reality headset called "GAZEploit," which allowed attackers to potentially infer users' typed information, including passwords and messages, by analyzing their virtual avatars' eye movements during video calls. 11,699](https://www.perplexity.ai/page/visionpro-s-gazeploit-vulnerab-KHUJ92w4RdGnq3E.aI0glw)[![Image 3: Apple Chip Security Flaws](https://pplx-res.cloudinary.com/image/upload/t_thumbnail/v1738124596/url_uploads/Apple-WWDC22-M2-chip-hero-220606.jpg.og_muvpjp.png) Apple Chip Security Flaws According to recent reports from security researchers, two new vulnerabilities named SLAP and FLOP have been discovered in Apple's latest M-series and A-series chips, potentially allowing attackers to steal sensitive data like browsing history and credit card information from Safari and Chrome browsers on affected devices. 18,043](https://www.perplexity.ai/page/apple-chip-security-flaws-fnnp9Q3DRb28GqNvZP0Bzw)[![Image 4: iOS 18.4 CarPlay Issues](https://pplx-res.cloudinary.com/image/fetch/s--z3DsAtAV--/t_thumbnail/https://static1.howtogeekimages.com/wordpress/wp-content/uploads/2025/01/2023_civic_typer_0029_01.jpg) iOS 18.4 CarPlay Issues According to multiple reports from iPhone users, the recent iOS 18.4 update has caused widespread issues with Apple CarPlay functionality, including connectivity problems, missing dashboard information, and app integration bugs across various car models. 4,714](https://www.perplexity.ai/page/ios-18-4-carplay-issues-F8Iow4AsQaqKS62vnuTFVw)[![Image 5: Apple issues urgent security updates for iPhone and Mac users](https://pplx-res.cloudinary.com/image/fetch/s--b0GKeDbO--/t_thumbnail/https://www.macworld.com/wp-content/uploads/2023/07/ios-16.5.1a-update-16.jpg%3Fquality%3D50%26strip%3Dall) Apple issues urgent security updates for iPhone and Mac users Apple has released critical security updates across its devices to patch two zero-day vulnerabilities that were exploited in "extremely sophisticated" targeted attacks, as reported by Engadget. The updates for iOS 18.4.1, macOS Sequoia 15.4.1, and other Apple operating systems address serious flaws in CoreAudio and RPAC components that could allow attackers to execute malicious code or bypass security protections. 13,092](https://www.perplexity.ai/page/apple-issues-urgent-security-u-cuZdAa2LSAiwgk87J3hQ6A)

Transcript for:Luki w zabezpieczeniach AirPlay i CarPlay

Transcript for:
Luki w zabezpieczeniach AirPlay i CarPlay