AirBorne: Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol
a year ago
- #Apple
- #Cybersecurity
- #Vulnerabilities
- Oligo Security Research discovered vulnerabilities in Apple's AirPlay Protocol and SDK, named 'AirBorne'.
- Vulnerabilities include Zero-Click RCE, One-Click RCE, ACL bypass, file read, info disclosure, MITM, and DoS.
- Affected devices include Apple products (Mac, iPhone, iPad, AppleTV) and third-party devices using AirPlay SDK.
- Demonstrated wormable exploits can spread malware across networks without user interaction.
- Apple and Oligo collaborated to address 23 vulnerabilities, leading to 17 CVEs.
- Attack scenarios vary by device and settings, from zero-click RCE on MacOS to one-click RCE on CarPlay.
- Recommendations include updating devices, disabling AirPlay receiver, and restricting AirPlay access.
- Other attack vectors beyond RCE include sensitive data exposure and remote user logout.