Security researchers at Oligo have discovered critical vulnerabilities in Apple’s AirPlay protocol and software development kit that could be exploited by hackers to infect other devices on your network. The bugs, dubbed “AirBorne,” allow attackers to spread malware across local networks, access sensitive information, and even take control of smart speakers.
Apple has already patched these issues for its own devices, but non-Apple-made AirPlay devices remain vulnerable. Users who connect to public Wi-Fi networks with outdated or unpatched devices risk being targeted by hackers. Additionally, CarPlay devices are also at risk, particularly if they’re connected to a car’s Wi-Fi hotspot using an easily guessable password.
With tens of millions of third-party AirPlay devices in use, including standalone speakers and home theater systems, the potential attack surface is vast. While Apple has created patches for some affected devices, a cybersecurity expert notes that the company doesn’t directly control the patching process for third-party devices, leaving many at risk.
Source: https://www.theverge.com/news/657873/apple-airplay-carplay-vulnerabilities-bugs-security-risk