Hackers May Hijack Your iPhone—Thanks to This Apple Feature

The420.in

In a chilling discovery disclosed by cybersecurity firm Oligo Security, a series of newly identified vulnerabilities, collectively dubbed “AirBorne,” has been found in Apple’s AirPlay feature, threatening the security of over a billion devices. AirPlay, a popular protocol used to wirelessly share audio, video, and photos between Apple and AirPlay-enabled smart devices, can reportedly be exploited by attackers connected to the same Wi-Fi network.

Researchers say the vulnerabilities allow hackers to infiltrate and fully take over affected devices, using them as launching pads for additional attacks. The exploit, delivered over Wi-Fi, can lead to the deployment of malware, unauthorized data access, or even microphone hijacking for eavesdropping.


Although Apple has already patched many of the vulnerabilities on its own devices through recent software updates, Oligo Security cautions that millions of third-party AirPlay-enabled devices—such as smart speakers and televisions—remain vulnerable. Devices manufactured prior to the latest security updates may take years to receive patches, if ever.

The Wi-Fi Trap: Shared Networks, Shared Risks

The danger, experts say, stems from the simplicity of the attack vector. A hacker merely needs to connect to the same Wi-Fi network as a victim—such as in a café, airport, or co-working space. Once within range, they can leverage flaws in AirPlay’s protocol stack to infiltrate devices without any user interaction.

Oligo Security, headquartered in Tel Aviv, claims it reported 23 vulnerabilities to Apple, many of which have been addressed. But the firm warns that users are “not entirely safe” due to the massive footprint of third-party devices still using outdated software.

Gal Elbaz, co-founder and CTO of Oligo, estimated tens of millions of devices remain exposed globally. “Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch—or they will never be patched,” he told WIRED. Apple, in a statement to news.com.au, confirmed it has rolled out fixes on its platforms and made updates available for third-party manufacturers.

Mitigation, Not Immunity: What Users Can Do

Despite the severity of the issue, users are not powerless. Apple advises users to install the latest software updates on all devices, including iPhones, iPads, and Macs. Additionally, users are encouraged to disable AirPlay when not in use or restrict it to “trusted devices only” in settings. Oligo further recommends setting “Allow AirPlay for” to “Current user” to reduce the risk of unauthorized device pairing.

However, these precautions only mitigate the risk—they don’t eliminate it entirely. Oligo noted that these steps “do reduce the protocol’s attack surface” but don’t prevent all forms of potential exploitation.

Adding to the controversy, Apple has also publicly warned iPhone users to delete Google Chrome over privacy concerns. In a promotional video, Apple criticized Google’s now-defunct FLoC tracking technology, arguing Safari offers more robust privacy protections. Experts echoed the sentiment: “Safari is more secure and privacy-friendly than Chrome, but Chrome is faster and offers enhanced performance,” said Elly Hancock from Private Internet Access.

As of January 2025, Apple reported 2.35 billion active devices worldwide—making the implications of this vulnerability far-reaching and urgent.
