Saturday, 30 August 2025
28.7 C
Singapore
28.7 C
Thailand
20.3 C
Indonesia
28 C
Philippines

AirPlay flaws could let hackers spread malware through your network

AirPlay bugs could let hackers attack your devices and spread malware on your network. Update your Apple gear now to stay safe.

AirPlay, the wireless streaming feature many Apple users rely on daily, may be more vulnerable than you think. Cybersecurity firm Oligo has revealed several flaws in Apple’s AirPlay system that could let hackers take control of your devices and spread harmful software across your entire network.

These flaws—found in both the AirPlay protocol and the software developers use to build AirPlay features—were discovered by Oligo’s security researchers and reported by Wired on June 28. The vulnerabilities the team named “AirBorne” could allow hackers to break into your network if you’re not careful.

How the AirPlay bugs work

Oligo says two of the bugs are what experts call “wormable.” That means a hacker could take over a single AirPlay device and use it to spread malware across every other device connected to the same network. While this might sound alarming, the attacker must be on your Wi-Fi network — they can’t break in from the outside.

If they are on your network, the risks increase. Oligo warns that attackers could run their code on your devices (a method known as an RCE, or remote code execution, attack). They could steal your files, listen to conversations, and even show unwanted images on screens like smart TVs or speakers. In one case, the team showed how an AirPlay-enabled Bose speaker could display a hacker-controlled image or eavesdrop by turning on the speaker’s microphone.

The threat isn’t limited to Apple-made devices either. Oligo points out that many third-party products — such as smart TVs, standalone speakers, and home theatre systems — use AirPlay. These may still be vulnerable if they haven’t received security updates.

Public Wi-Fi and CarPlay risks

You might feel secure at home, but Oligo warns that the dangers grow when you connect to public networks like cafes, airports, or hotels. If your iPhone, iPad, or MacBook uses an older version of Apple’s software and connects to a shared Wi-Fi network, you could unknowingly open yourself to attack.

The risk also extends to CarPlay, the Apple system used in vehicles. According to Oligo, hackers could carry out an RCE attack through a car’s Wi-Fi hotspot — especially if the default password hasn’t been changed. Once inside the system, they could display images on your dashboard screen or even track your car’s location.

Apple has responded — but you still need to update

Apple has already patched these bugs in its latest software updates, which means you should be protected if you’re using Apple’s most recent operating systems. However, the same can’t be said for third-party devices using AirPlay. While Apple has released patches that other companies can apply, it doesn’t directly control how or when they do so.

A cybersecurity expert told Wired that each manufacturer is responsible for updating their products—and that doesn’t always happen quickly.

Oligo reminds users that millions of third-party AirPlay devices are in homes and vehicles worldwide. CarPlay, in particular, is found in over 800 vehicle models. That means the potential for harm is widespread, especially for those who don’t regularly update their systems or use default passwords.

To protect yourself, ensure your devices are running the latest Apple software, avoid public Wi-Fi when possible, and constantly update any third-party gear you use for streaming.

Hot this week

Best monitors to buy in 2025 for gaming, work, and creativity

Discover the best monitors of 2025 with top picks for gaming, work, and creativity, offering speed, accuracy, and stunning visuals.

Apple shifts more iPhone production to India amid tariff concerns

Apple will ship its full iPhone 17 lineup from India for the first time, as it reduces reliance on China amid tariff tensions.

HPE introduces agentic AI innovations for self-driving network operations

HPE enhances its Juniper Mist platform with new agentic AI features, bringing self-driving capabilities to network operations.

Thinking Machines partners with OpenAI to accelerate AI adoption in Asia Pacific

Thinking Machines partners with OpenAI to expand enterprise AI adoption across Asia Pacific with training, app design, and leadership programmes.

Tecno and Dxomark unveil the first fully automated smartphone camera testing lab in China

TECNO and DXOMARK open the world’s first fully automated imaging lab in Chongqing to set new standards in smartphone camera testing.

Meta introduces new AI safeguards to protect teens from harmful conversations

Meta is strengthening AI safeguards to prevent teens from discussing self-harm and other sensitive topics with chatbots on Instagram and Facebook.

ChatGPT to introduce parental controls as AI safety concerns rise

OpenAI is introducing parental controls for ChatGPT, addressing growing concerns about the safety of AI chatbots and their impact on young users.

Japan uses an AI simulation of Mount Fuji’s eruption to prepare citizens

Japan uses AI to simulate a Mount Fuji eruption, showing its potential devastation and promoting disaster preparedness.

Anthropic updates Claude chatbot policy to use chat data for AI training

Anthropic will utilise Claude chatbot conversations for AI training starting from 28 September, with opt-out options and a five-year data retention policy.

Related Articles

Popular Categories