Table of contents
- An ecosystem hit at its core: AirPlay becomes a weapon for hackers
- What are “zero-click wormable” attacks and why are they so dangerous?
- Not just iPhones: CarPlay, speakers, and smart TVs at risk
- How to protect yourself: 3 immediate actions
An ecosystem hit at its core: AirPlay becomes a weapon for hackers
In recent days, one of the most dangerous vulnerabilities in the recent history of Apple’s ecosystem has come to light. Its name is AirBorne, and it hides where few would expect — within AirPlay, the system we use daily to stream music or video to TVs, speakers, Macs, and even cars via CarPlay. But this time, what’s being transmitted isn’t songs or movies — it’s malware.
The flaw was discovered by the cyber security company Oligo Security, which identified 23 issues in the AirPlay protocol, 17 of which have been officially acknowledged. Some of these are zero-click and wormable, meaning they require no interaction from the user. Simply sharing the same Wi-Fi network with an attacker is enough — and just like that, you’re compromised.
What are “zero-click wormable” attacks and why are they so dangerous?
These aren’t your typical viruses. They’re advanced exploits that take advantage of coding flaws to infiltrate devices without any user action. If AirPlay is active and set to allow access to “everyone on the same network,” your device is vulnerable. Connecting to a public Wi-Fi network — in a hotel, airport, or café — could be all it takes to become a target.
And the danger doesn’t end there. These attacks can spread from device to device, meaning that once you return home, you could unknowingly infect your work Mac, smart speaker in the kitchen, or Apple TV in the living room.
Not just iPhones: CarPlay, speakers, and smart TVs at risk
Simulations show that even CarPlay, HomePod speakers, and AirPlay-compatible smart TVs can be compromised. In the worst cases, hackers could:
- Activate your microphone or speakers
- Display unauthorized images on your screen
- Eavesdrop on conversations
- Track vehicle movements
Such an attack isn’t just a breach of privacy — it can endanger physical safety, distracting drivers and potentially causing accidents.
How to protect yourself: 3 immediate actions
The good news? You can protect yourself — but action is needed now:
- Update All Apple Devices Immediately
Make sure you’re running secure versions:- iOS 18.4 or later
- macOS Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5
- Latest versions of iPadOS, tvOS, and visionOS
- Disable AirPlay If Not in Use
If you don’t need it, turning off AirPlay greatly reduces your exposure. - Restrict Connections
Set “Allow AirPlay from” to “Current User” to block unauthorized access.
Lastly, consider installing reliable security software on your Mac and iPhone. The belief that Apple devices are immune to threats is a myth that urgently needs debunking.
