If you use Apple AirPlay, you need to update your device and take these steps
This week, cybersecurity researchers with Oligo say they identified 23 vulnerabilities related to Apple AirPlay, leading Apple to issue over a dozen fixes.
Dubbed "AirBorne" by the researchers, the security vulnerabilities affect the Apple AirPlay network and could compromise various devices. According to an Oligo blog post, the researchers say the vulnerabilities "enable an array of attack vectors" that could allow "attackers to potentially take control of devices that support AirPlay — including both Apple devices and third-party devices that leverage the AirPlay [Software Development Kit]."
The Oligo blog outlines a number of potential attacks, including Zero-Click RCE, Man-in-the-Middle, and Denial of Service (DOS) attacks. But if you don't know what any of that means, that's OK — the solution for Apple users is fairly straightforward.
You May Also Like
Essentially, as long as you update your devices to the latest versions of macOS, iOS, and iPadOS, your devices should be safe. In addition, some cybersecurity experts recommend disabling the AirPlay feature entirely unless you're actively using it.
The "AirBorne" vulnerabilities would allow hackers to infect Apple devices with malware or seize control of the device, whether that's a MacBook or iPhone. They could then deploy malware or steal sensitive information. AirBorne also affected third-party devices connected to AirPlay, leaving smart Internet-of-things (IOT) devices at risk.
The researchers say they worked with Apple to "identify and address" the flaws, and that Apple issued 17 CVEs in response to the research.
In the cybersecurity world, CVE stands for Common Vulnerabilities and Exposures, and it refers to a specific identifying number associated with a publicly disclosed cybersecurity problem. In a national CVE database hosted by the National Institute of Standards and Technology, users can find a number of new CVEs published by Apple on April 28, 2025, such as CVE-2025-24252 and CVE-2025-24206.
The CVE description states that Apple fixed these bugs in "in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4."
Topics Apple Cybersecurity
Timothy Beck Werth is the Tech Editor at Mashable, where he leads coverage and assignments for the Tech and Shopping verticals. Tim has over 15 years of experience as a journalist and editor, and he has particular experience covering and testing consumer technology, smart home gadgets, and men’s grooming and style products. Previously, he was the Managing Editor and then Site Director of SPY.com, a men's product review and lifestyle website. As a writer for GQ, he covered everything from bull-riding competitions to the best Legos for adults, and he’s also contributed to publications such as The Daily Beast, Gear Patrol, and The Awl.
Tim studied print journalism at the University of Southern California. He currently splits his time between Brooklyn, NY and Charleston, SC. He's currently working on his second novel, a science-fiction book.
