Wednesday, 21 May 2025

AirPlay flaws could let hackers spread malware through your network

AirPlay bugs could let hackers attack your devices and spread malware on your network. Update your Apple gear now to stay safe.

AirPlay, the wireless streaming feature many Apple users rely on daily, may be more vulnerable than you think. Cybersecurity firm Oligo has revealed several flaws in Apple’s AirPlay system that could let hackers take control of your devices and spread harmful software across your entire network.

These flaws, found in both the AirPlay protocol and the software developers use to build AirPlay features, were discovered by Oligo’s security researchers and reported by Wired on June 28. The vulnerabilities, which the team named “AirBorne”, could allow hackers to break into your network if you’re not careful.

How the AirPlay bugs work

Oligo says two of the bugs are what experts call “wormable.” That means a hacker could take over a single AirPlay device and use it to spread malware across every other device connected to the same network. While this might sound alarming, the attacker must be on your Wi-Fi network — they can’t break in from the outside.

If they are on your network, the risks increase. Oligo warns that attackers could run their code on your devices (a method known as an RCE, or remote code execution, attack). They could steal your files, listen to conversations, and even show unwanted images on screens like smart TVs or speakers. In one case, the team showed how an AirPlay-enabled Bose speaker could display a hacker-controlled image or eavesdrop by turning on the speaker’s microphone.

The threat isn’t limited to Apple-made devices either. Oligo points out that many third-party products — such as smart TVs, standalone speakers, and home theatre systems — use AirPlay. These may still be vulnerable if they haven’t received security updates.

Public Wi-Fi and CarPlay risks

You might feel secure at home, but Oligo warns that the dangers grow when you connect to public networks such as those in cafes, airports, or hotels. If your iPhone, iPad, or MacBook uses an older version of Apple’s software and connects to a shared Wi-Fi network, you could unknowingly open yourself to attack.

The risk also extends to CarPlay, the Apple system used in vehicles. According to Oligo, hackers could carry out an RCE attack through a car’s Wi-Fi hotspot — especially if the default password hasn’t been changed. Once inside the system, they could display images on your dashboard screen or even track your car’s location.

Apple has responded — but you still need to update

Apple has already patched these bugs in its latest software updates, which means you should be protected if you’re using Apple’s most recent operating systems. However, the same can’t be said for third-party devices using AirPlay. While Apple has released patches that other companies can apply, it doesn’t directly control how or when they do so.

A cybersecurity expert told Wired that each manufacturer is responsible for updating their products—and that doesn’t always happen quickly.

Oligo reminds users that millions of third-party AirPlay devices are in homes and vehicles worldwide. CarPlay, in particular, is found in over 800 vehicle models. That means the potential for harm is widespread, especially for those who don’t regularly update their systems or use default passwords.

To protect yourself, ensure your devices are running the latest Apple software, avoid public Wi-Fi when possible, and keep any third-party gear you use for streaming up to date.
