Many people mistakenly believe that iPhones are completely protected from malware—but that’s not entirely true.
According to researchers, a series of serious security flaws, collectively known as ‘AirBorne,’ could allow attackers to take control of Apple devices like iPhones, Macs, and even vehicles through Apple’s AirPlay feature.
Researchers at Oligo Security announced they uncovered 23 vulnerabilities within AirPlay, the wireless streaming technology that enables Apple users to share media with other smart devices.
Following their investigation, the team demonstrated 17 unique methods by which these flaws could be exploited, potentially putting billions of wireless-enabled devices at risk of remote attacks.
The serious threat to security involves two Common Vulnerabilities and Exposures, which are weak spots in the software and can wreak havoc if the iPhone user opens specific photos and videos.
In other words, if an iPhone processes a malicious photo or video that doesn’t follow expected rules, unexpected and malicious code execution could ensue.
Apple is working with Oligo and is warning its 1.8 billion users about a newly discovered security flaw that could give cybercriminals access to private information on their devices, including messages, photos and app data, according to Daily Mail.
Apple addressed these issues with updates rolled out on March 31, including iOS 18.4, macOS Sequoia 15.4, and tvOS 18.4.
Still, tens of millions of third-party devices using AirPlay could remain exposed if manufacturers delay issuing their own patches.
To reduce the risk, users should disable AirPlay receivers through device settings and limit AirPlay access to the “Current User” only.
Installing reliable security software on Apple devices also helps mitigate threats, especially since AirPlay operates continuously in the background.
(AP Photo/Luca Bruno)AP
THREAT OF AIRBORNE IS ENORMOUS
With around 1.8 billion iPhones and another 500 million AirPlay-compatible devices in use globally, the scale of the AirBorne threat is enormous—particularly given its potential to spread attacks across entire networks.
Apple collaborated closely with Oligo to carefully identify and resolve a series of security vulnerabilities, with the shared aim of enhancing user protection.
In response, Apple released updated software versions to mitigate these issues and users are encouraged to download the updates.
During the responsible disclosure process, Oligo shared detailed documentation, procedures, and code related to the discovered vulnerabilities.
In total, Oligo reported 23 vulnerabilities to Apple; a full list of these, along with descriptions and potential attack scenarios, is provided here.