Core Viewpoint
- Cybersecurity company Oligo has disclosed a series of vulnerabilities named "Airborne" that affect millions of Apple devices and accessories and that attackers could exploit through the AirPlay feature [1][4].

Group 1: Vulnerability Details
- The "Airborne" vulnerabilities allow attackers to control AirPlay-enabled devices over the same Wi-Fi network and spread malware to other connected devices, particularly in crowded settings such as public Wi-Fi networks and commercial spaces [4].
- Oligo researchers identified a total of 23 vulnerabilities. Apple released patches for 17 of them tracked by CVE and provided updates for the AirPlay SDK to third-party manufacturers [4].

Group 2: Potential Threats
- Attackers can use the vulnerabilities for complex threats such as ransomware attacks, supply chain attacks, remote code execution, user interaction bypass, denial of service attacks, and man-in-the-middle attacks [4].
- The vulnerabilities also affect Apple CarPlay, where attackers could potentially hijack the car's computer system if they connect via Bluetooth or USB, although such attacks are rare due to the need for physical access [4].

Group 3: Recommendations and Warnings
- Oligo recommends that users promptly upgrade iOS, iPadOS, macOS, tvOS, and visionOS to the latest versions, and that they disable the AirPlay Receiver feature on Macs or restrict AirPlay access to current users to mitigate risks [4].
- Oligo's CTO, Gal Elbaz, warned that tens of millions of third-party AirPlay devices may still be unpatched, with some devices potentially never having been updated, which increases the scope of potential security threats [5].

Foreign media: Apple AirPlay vulnerability "Airborne" disclosed, millions of devices face security threats