News · 7 min read

AirBorne: The AirPlay Vulnerability That Lets Attackers Into Your Mac Without a Click

Hassanain

In late April 2025, a security research team at Oligo Security publicly disclosed something that stopped me mid-scroll. They had found a cluster of 23 vulnerabilities in Apple's AirPlay protocol, and some of them were zero-click and wormable. They named the collection "AirBorne."

If you are not a security person, those two words might not mean much. But in the vulnerability research world, zero-click and wormable together is about as bad as it gets. It means an attacker can compromise your Mac without you doing anything at all, and once they are in, the attack can spread to other devices on the same network automatically.

I follow Mac security research closely. I read the Oligo blog post the day it dropped, and it is one of the most significant Apple vulnerability disclosures in recent memory. Here is what you need to know.

What AirBorne actually is

AirBorne is not a single vulnerability. It is a collection of 23 security flaws discovered by researchers Uri Katz, Gal Elbaz, and Avi Lumelsky at Oligo Security. Apple issued 17 CVEs in response to their findings.

These vulnerabilities affect Apple's AirPlay protocol, which is the technology that lets you stream audio, video, and screen content between Apple devices. AirPlay is built into every Mac, iPhone, iPad, and Apple TV. It is also licensed to third-party manufacturers through the AirPlay SDK, which means it runs on tens of millions of speakers, smart TVs, and set-top boxes from companies like Samsung, LG, Sony, Bose, and many others.

The vulnerabilities range in severity from denial-of-service bugs to full remote code execution. The most critical ones allow an attacker on the same Wi-Fi network as your Mac to take complete control of it without you clicking, tapping, or interacting with anything.

The key CVEs

Not all 17 CVEs are equally dangerous. Here are the ones that matter most.

CVE-2025-24252 is a use-after-free vulnerability in macOS, rated critical at CVSS 9.8. A use-after-free happens when software continues to reference memory after it has been freed and potentially reallocated. The Oligo team weaponized this into a "write-what-where" primitive: the ability to write attacker-chosen data to attacker-chosen memory locations. That is a direct path to remote code execution.

CVE-2025-24206 is an authentication bypass. AirPlay normally requires you to click "Accept" when a device tries to connect. This vulnerability lets an attacker skip that prompt entirely.

Chain them together and you get zero-click remote code execution on any Mac with AirPlay Receiver set to "Anyone on the Same Network" or "Everyone." Crafted packet, memory corruption, authentication bypass, full control. The victim sees nothing.

CVE-2025-24132 is a stack-based buffer overflow that affects devices using the AirPlay SDK. This one is particularly concerning because it enables zero-click RCE on third-party AirPlay speakers and receivers regardless of their configuration.

Other notable CVEs in the collection include CVE-2025-24137 (type confusion), CVE-2025-30422 (integer overflow), and CVE-2025-24270 (information disclosure that could leak sensitive data).

What "zero-click" and "wormable" mean

These terms get thrown around in headlines, so let me be specific about what they mean in this context.

Zero-click means the victim does not need to do anything for the attack to succeed. They do not need to click a link, open a file, accept a connection, or interact with their device in any way. The attack exploits a vulnerability in code that processes incoming network data before any user interaction is involved. Your Mac just needs to be on and connected to the same network as the attacker.

Wormable means the attack can propagate automatically from one compromised device to another without any additional action from the attacker. Imagine a scenario: someone compromises one Mac on a corporate network. That Mac then automatically scans for other AirPlay-enabled devices on the same network and compromises them too. Each newly infected device does the same thing. One initial exploitation turns into a full network compromise.

The Oligo researchers described a realistic scenario: a victim's MacBook gets compromised on coffee shop Wi-Fi, then later connects to their corporate network. The worm spreads from that MacBook to every AirPlay-enabled device in the office. No additional attacker involvement needed.

How the attack works

Here is the technical flow, simplified.

The attacker needs to be on the same network as the target. Public Wi-Fi at a cafe, a hotel, an airport, a co-working space, or any shared network. AirPlay-enabled devices announce themselves on the local network via mDNS (multicast DNS), so finding targets is trivial.

The attacker sends a specially crafted AirPlay request to the target Mac. This request exploits the use-after-free vulnerability (CVE-2025-24252) in the AirPlay receiver code. The authentication bypass (CVE-2025-24206) ensures that the Mac processes the malicious request without ever showing the user a prompt.

The memory corruption gives the attacker arbitrary code execution. They can install persistent malware, exfiltrate data, access the camera and microphone, or use the compromised Mac as a launchpad to attack other devices on the network. The worm component then scans for other AirPlay-enabled devices and repeats the attack automatically.

Why this is a big deal

Several things make AirBorne especially concerning.

AirPlay Receiver is enabled by default on macOS. Most Mac users have never gone into their AirPlay settings. If you have not explicitly turned it off, it is on.

The default configuration is vulnerable. The "Anyone on the Same Network" setting, which is one of the default AirPlay Receiver configurations, is exactly the setting that makes the zero-click chain exploitable.

The attack surface is enormous. Apple reported 2.35 billion active Apple devices as of January 2025. Beyond that, tens of millions of third-party devices use the AirPlay SDK.

Public and shared networks are everywhere. The requirement that the attacker be on the same network sounds like a limitation, but it is not much of one. Every coffee shop, hotel, airport, conference venue, and co-working space puts you on a shared network with strangers.

Third-party devices are the long-tail risk. Apple patched their own devices. But third-party speakers, TVs, and receivers that use the AirPlay SDK often have no update mechanism at all. Oligo Security warned that some of these devices "will linger vulnerable for years." These devices become permanent, unpatched attack vectors on any network they are connected to.

What Apple did

Apple was responsive. Oligo reported the vulnerabilities through responsible disclosure, and Apple released patches across their ecosystem.

The fixes shipped in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, iOS 18.4, iPadOS 18.4, tvOS 18.4, and visionOS 2.4 on March 31, 2025. One of the CVEs (CVE-2025-24137) was actually patched earlier in macOS Sequoia 15.3 on January 27, 2025.

Apple also released updated AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1 for third-party manufacturers. But whether those manufacturers actually push firmware updates to their devices is another question entirely.

If you have updated your Mac since April 2025, you are patched against the Apple-side vulnerabilities. If you are reading this and have not updated, do it now. Go to System Settings, then General, then Software Update.

How to protect yourself

Even with the patch installed on your Mac, there are steps worth taking. The broader network risk from unpatched third-party devices means defense in depth matters here.

Update your Mac immediately

This is the obvious one. If you have not installed macOS Sequoia 15.4 or later (or the equivalent patches for Sonoma and Ventura), you are still vulnerable to the zero-click chain. Check System Settings, then General, then Software Update.

For a broader look at what those patches cover, I wrote about the latest macOS Sequoia security updates.

Disable AirPlay Receiver if you do not use it

If you do not regularly use AirPlay to receive content on your Mac from other devices, turn it off entirely. Go to System Settings, then General, then AirDrop and Handoff, and toggle AirPlay Receiver to off.

If you do use AirPlay, at minimum change the setting from "Anyone on the Same Network" to "Current User." This limits AirPlay connections to devices signed into your Apple Account, which significantly reduces the attack surface.

I cover this and other important toggles in Mac security settings you should change.

Be cautious on public Wi-Fi

AirBorne requires the attacker to be on the same network. Public Wi-Fi at cafes, hotels, airports, and conferences is the most obvious attack vector. If you are on a public network, make sure AirPlay Receiver is off or restricted to Current User only. A VPN adds a layer of isolation on public networks, though it does not prevent all local network attacks.

Enable the macOS firewall

Go to System Settings, then Network, then Firewall, and make sure it is turned on. The macOS firewall blocks unauthorized incoming connections. Since the AirBorne attack relies on sending crafted packets to your Mac's AirPlay receiver port (port 7000), a properly configured firewall can help block unexpected incoming AirPlay traffic.

Monitor network activity on your Mac

This is the piece that most people miss. Even if your Mac is patched, unpatched third-party devices on your network can still be compromised and used as pivot points for other attacks. Knowing what is connecting to your Mac and what your Mac is connecting to gives you visibility into things that patches alone cannot cover.

This is something I built CoreLock to help with. It monitors your Mac's network connections in real time so you can see exactly what processes are communicating and where they are reaching out to. If something on your network starts behaving abnormally, you will know. You can download CoreLock here if you want that kind of visibility.
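The monitoring idea above, reduced to its simplest form, is a baseline-and-diff over what is listening on your Mac. The script below is an added example written for this post; it is not CoreLock's code and not Apple's. It runs the real `lsof -nP -iTCP -sTCP:LISTEN` command (the flags exist on macOS and Linux), parses the result into (command, bind address, port) tuples, and reports anything that appeared or disappeared since a saved baseline, plus anything listening on port 7000, the AirPlay receiver port named earlier. The sample `lsof` output embedded at the bottom is constructed for illustration; the process names `exampled` and `recvd` are placeholders, not the names macOS actually reports.

```python
import re
import subprocess

# Real lsof invocation: numeric hosts/ports, TCP sockets in LISTEN state only.
LSOF_LISTEN = ["lsof", "-nP", "-iTCP", "-sTCP:LISTEN"]
# Ports worth an alert on their own: 7000 is the AirPlay receiver port named in the article.
WATCH_PORTS = {7000}

# lsof columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME, where NAME is "addr:port (LISTEN)".
LSOF_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+TCP\s+"
    r"(?P<addr>\S+):(?P<port>\d+)\s+\(LISTEN\)\s*$"
)


def parse_listeners(text: str) -> set:
    """Reduce lsof LISTEN output to a set of (command, bind address, port); the header line is skipped."""
    found = set()
    for line in text.splitlines():
        m = LSOF_RE.match(line)
        if m:
            found.add((m["cmd"], m["addr"], int(m["port"])))
    return found


def diff_listeners(baseline: set, current: set) -> dict:
    """Compare a saved baseline with the current snapshot; 'watched' lists open watched ports regardless of change."""
    return {
        "added": sorted(current - baseline),
        "removed": sorted(baseline - current),
        "watched": sorted(l for l in current if l[2] in WATCH_PORTS),
    }


def report(delta: dict) -> list:
    """Human-readable alert lines; empty when nothing changed and no watched port is open."""
    lines = [f"NEW listener: {c} on {a}:{p}" for c, a, p in delta["added"]]
    lines += [f"GONE listener: {c} on {a}:{p}" for c, a, p in delta["removed"]]
    lines += [f"WATCHED port open: {c} on {a}:{p}" for c, a, p in delta["watched"]]
    return lines


def snapshot() -> set:
    """Live snapshot via lsof (macOS/Linux). Not exercised by the tests, which use the samples below."""
    out = subprocess.run(LSOF_LISTEN, capture_output=True, text=True, check=False).stdout
    return parse_listeners(out)


# Constructed sample output (not a real capture); process names and device ids are placeholders.
BASELINE_SAMPLE = """COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
exampled  410  alice   5u  IPv4 0xabc     0t0  TCP 127.0.0.1:8021 (LISTEN)
"""
CURRENT_SAMPLE = """COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
exampled  410  alice   5u  IPv4 0xabc     0t0  TCP 127.0.0.1:8021 (LISTEN)
recvd     742  alice   7u  IPv4 0xdef     0t0  TCP *:7000 (LISTEN)
recvd     742  alice   8u  IPv6 0xdf0     0t0  TCP [::]:7000 (LISTEN)
"""

if __name__ == "__main__":
    # Offline demonstration on the constructed samples, then a live snapshot against the sample baseline.
    for line in report(diff_listeners(parse_listeners(BASELINE_SAMPLE), parse_listeners(CURRENT_SAMPLE))):
        print(line)
    print("--- live ---")
    for line in report(diff_listeners(parse_listeners(BASELINE_SAMPLE), snapshot())):
        print(line)
```

In practice you would save `snapshot()` to a file (JSON or pickle) on a day you trust the machine and diff against that on a schedule; a new wildcard listener (`*:port`) is the kind of change worth a look, because that is a service reachable from the network rather than only from localhost.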

Audit your network for AirPlay devices

Take inventory of AirPlay-enabled devices on your home or office network. Smart TVs, wireless speakers, streaming boxes. Check if any of them have firmware updates available. If they do not and cannot be updated, consider whether they need to be on your primary network, or whether you can isolate them on a separate VLAN or guest network.
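The inventory step is easy to automate, because AirPlay devices announce themselves over mDNS, as noted in the "How the attack works" section: they answer a PTR query for `_airplay._tcp.local` with PTR, SRV, TXT and A records describing the instance name, host, port, attributes and address. The script below is an added example written for this post, not code from Oligo, Apple or CoreLock. It builds that query with the unicast-response bit set (so replies come straight back to the sending socket without joining the multicast group), parses the compressed DNS names in the replies, and prints one line per AirPlay receiver. The `build_sample_response()` packet is constructed here so the parser can be exercised offline; the instance name, host, TXT values and the 192.0.2.10 address in it are placeholders. Which TXT keys a real device advertises depends on the device.

```python
import socket
import struct
import time

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353
AIRPLAY_SERVICE = "_airplay._tcp.local."
PTR, SRV, TXT, A = 12, 33, 16, 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (no compression)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"


def build_query(name: str = AIRPLAY_SERVICE) -> bytes:
    """One PTR question; qclass 0x8001 = IN with the unicast-response bit (RFC 6762) set."""
    return struct.pack(">HHHHHH", 0, 0, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", PTR, 0x8001)


def read_name(pkt: bytes, off: int):
    """Decode a possibly compressed name; return (dotted name, offset just past it in the record stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                  # compression pointer to an earlier name
            hops += 1
            if hops > 32:                          # refuse pointer loops from malformed packets
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack(">H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_response(pkt: bytes) -> dict:
    """Collect AirPlay instances from one mDNS response: host, port, TXT attributes and IPv4 address."""
    _, _, qd, an, ns, ar = struct.unpack(">HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):                            # skip any echoed question
        _, off = read_name(pkt, off)
        off += 4
    records = []
    for _ in range(an + ns + ar):
        name, off = read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        records.append((name, rtype, off, pkt[off:off + rdlen]))
        off += rdlen
    devices, hosts = {}, {}
    for name, rtype, rd_off, rdata in records:
        if rtype == PTR and name == AIRPLAY_SERVICE:
            devices.setdefault(read_name(pkt, rd_off)[0], {"txt": {}})
        elif rtype in (SRV, TXT) and name.endswith("." + AIRPLAY_SERVICE):
            dev = devices.setdefault(name, {"txt": {}})
            if rtype == SRV:                       # priority, weight, port, then the target host name
                dev["port"] = struct.unpack(">H", rdata[4:6])[0]
                dev["host"] = read_name(pkt, rd_off + 6)[0]
            else:                                  # TXT is a sequence of length-prefixed key=value strings
                i = 0
                while i < len(rdata):
                    n = rdata[i]
                    key, _, val = rdata[i + 1:i + 1 + n].decode("ascii", "replace").partition("=")
                    dev["txt"][key] = val
                    i += 1 + n
        elif rtype == A:
            hosts[name] = socket.inet_ntoa(rdata)
    for dev in devices.values():
        dev["addr"] = hosts.get(dev.get("host"))
    return devices


def discover(timeout: float = 2.0) -> dict:
    """Send the query and merge every response heard before the timeout (needs a LAN; not used by tests)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(0.5)
    sock.sendto(build_query(), (MDNS_GROUP, MDNS_PORT))
    found, deadline = {}, time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            pkt, (src, _) = sock.recvfrom(9000)
        except socket.timeout:
            continue
        try:
            for inst, info in parse_response(pkt).items():
                info["addr"] = info.get("addr") or src
                found.setdefault(inst, {"txt": {}})["txt"].update(info.pop("txt"))
                found[inst].update({k: v for k, v in info.items() if v is not None})
        except (IndexError, struct.error, ValueError):
            continue                               # malformed packet: ignore it, never crash the auditor
    sock.close()
    return found


def build_sample_response() -> bytes:
    """Constructed response (not a capture) using the compression pointers a real responder emits."""
    def rr(name_bytes, rtype, rdata, ttl=120):
        return name_bytes + struct.pack(">HHIH", rtype, 0x8001, ttl, len(rdata)) + rdata
    pkt = struct.pack(">HHHHHH", 0, 0x8400, 0, 1, 0, 3)
    ptr_rdata = b"\x0eLiving Room TV" + struct.pack(">H", 0xC000 | len(pkt))   # instance + ptr to service
    pkt += rr(encode_name(AIRPLAY_SERVICE), PTR, ptr_rdata, ttl=4500)
    inst_ptr = struct.pack(">H", 0xC000 | (len(pkt) - len(ptr_rdata)))
    host = encode_name("LivingRoomTV.local.")
    pkt += rr(inst_ptr, SRV, struct.pack(">HHH", 0, 0, 7000) + host)
    host_ptr = struct.pack(">H", 0xC000 | (len(pkt) - len(host)))
    pkt += rr(inst_ptr, TXT, b"".join(bytes([len(s)]) + s for s in (b"model=ExampleCo-TV", b"srcvers=0.0.0")))
    pkt += rr(host_ptr, A, socket.inet_aton("192.0.2.10"))
    return pkt


if __name__ == "__main__":
    for inst, d in discover().items():
        print(f"{inst}\t{d.get('addr')}\t{d.get('host')}:{d.get('port')}\tmodel={d['txt'].get('model', '?')}")
```

Run it once per network you care about and keep the list; anything that shows up which you cannot update or do not recognise is a candidate for the guest network or a separate VLAN. On a Mac, `dns-sd -B _airplay._tcp` gives the same browse view interactively if you only want a quick look.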

The bigger picture

AirBorne is a textbook example of why patching your own device is necessary but not sufficient. You can update your Mac the day a patch drops and still be on a network with a vulnerable Sonos speaker, an old Samsung TV, or a hotel room media system that will never see a firmware update.

The AirPlay SDK is embedded in devices across dozens of manufacturers. Many have no automatic update mechanism, no way for the average user to check firmware versions, and no security team monitoring for vulnerabilities. Oligo's warning that some of these devices will remain vulnerable for years is not hyperbole. It is the reality of IoT security.

This is why I keep building CoreLock around visibility and monitoring rather than just threat detection. Signature-based detection catches known threats, but it will not help when the threat is coming from a trusted device on your own network with an unpatched AirPlay stack. Seeing what is happening on your network and being alerted when something changes is the layer that actually matters here.

If you are interested in understanding more about what macOS does and does not protect you from, I wrote a longer piece on whether Macs actually need antivirus in 2026. The short answer is that Apple's built-in protections are good, but they are not designed to give you visibility into network-level threats like AirBorne.

Stay patched. Disable what you do not use. Monitor what you cannot patch. That is the playbook.
