Chilling hack warning for over 1 billion iPhone users

News.com.au

02-05-2025

Apple users are being warned about potential hacks after cybersecurity experts uncovered a series of concerning security flaws in the tech giant's Airplay feature, allowing attackers to infiltrate and take control of devices.
Oligo Security announced on Tuesday that it had discovered a new set of vulnerabilities affecting Airplay, which allows users to share audio, video, photos, and other content from Apple devices to other Airplay-enabled smart devices.
Researchers have dubbed the vulnerabilities 'AirBorne' as the attacks are transmitted via wireless networks and 'allow attackers to fully take over devices and use that access as a launch pad for further exploitation'.
This could include accessing sensitive data, deploying malware that spreads to devices that connect to the same network or using the device's microphone to listen to conversations.
Oligo, based in Tel Aviv, claimed bugs in the Airplay software development kit allow hackers to infiltrate Airplay-enabled devices, such as speakers or smart TVs if they are connected to the same Wi-Fi network as the hacker.
Other vulnerabilities would have also allowed hackers to exploit Airplay-enabled Apple devices.However, Apple told Olgio these bugs have since been patched in software updates, WIRED reports.
That said, users aren't entirely safe, according to Olgio.
The software company - which reported 23 vulnerabilities to Apple and has been working with the tech giant to address the bugs - said AirBorne vulnerabilities in many third-party devices could still be hackable unless users update them.
As such, a hacker could access the same Wi-Fi as a target – by connecting to the same network at a cafe, shop or airport, or by hacking into another computer at a home – and take over the device.
Oligo's chief technology officer and co-founder, Gal Elbaz, estimated there are tens of millions of potentially vulnerable third-party AirPlay-enabled devices.
'Because Airplay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,' Mr Elbaz told WIRED.
'And it's all because of vulnerabilities in one piece of software that affects everything.'
Apple told news.com.au it has released fixes on its platforms and made software updates available for impacted third-party devices.
It also noted there are limitations to the attacks on Airplay-enabled devices as an attacker must use the same Wi-Fi network as the third-party device and devices such as speakers don't provide meaningful access to a user's private data.
How to protect yourself
In January 2025, Apple reported there were 2.35 billion active Apple devices across the globe.
In 2018, it said there were over 100 million active MacOs users globally.
While every Apple device is vulnerable to AirBorne attacks, Apple users can protect or mitigate against potential security risks by making sure they have downloaded the latest software on their iPhone, Mac and other devices.
Those using Airplay with third-party devices can check with the manufacturer to ensure they have the latest updates.
Oligo also recommended users disable Airplay if they're not using it and restrict it to only 'trusted devices' in the Airplay settings.
Users can also ensure the Airplay setting reading 'Allow Airplay for' is set to 'Current user'.
Oligo noted that while this does not prevent all of the issues, 'it does reduce the protocol's attack surface'.
Apple warns iPhone users to delete commonly used app
The news comes as Apple has warned iPhone users to delete a common app, claiming it's a danger to digital privacy.
Without mentioning the company by name, Apple issued a video warning for users to stop using Google Chrome.
A video titled 'Privacy on iPhone: Flock' parodies Alfred Hitchcock's 1963 film The Birds to demonstrate how browser information isn't really hidden from trackers.
'Flock' is likely a play on the web-tracking tech called FLoC, or Federated Learning of Cohorts, which allows 'advertisers and sites to show relevant ads without tracking individuals across the web'. Google dumped that tracking mechanism for a less privacy-friendly targeted advertising mechanism.
In the video, iPhone users are being followed by surveillance cameras as they browse the internet. The cameras finally explode and leave the users alone when they decide to use Safari as their browser.
The video from Apple is gaining traction after Google announced on Tuesday that it wouldn't remove third-party cookies in Chrome after it promised to do so.
The controversy has led Apple to promote its browser, Safari, as a 'browser that's actually private'.
Chrome allows websites and advertisers to track users' activity in order to serve personalised ads, which is a multibillion-dollar revenue stream for Google. Google initially planned to get rid of third-party cookies and develop a new way to issue targeted ads while still preserving user privacy, but the plan fell apart and the company has chosen to 'maintain our current approach to offering users third-party cookie choice in Chrome'.
Tracking cookies aren't inherently bad, but they can open the door to privacy risks, and sometimes increase the likelihood of your data and sensitive information being leaked or stolen — meaning if you have an iPhone and use Chrome, you likely will continue to be tracked unless you use Incognito Mode or you clear cookies manually. Apple's argument that Safari is safer has been backed up by experts, too.
'When it comes down to your security, Safari is probably your best bet,' Elly Hancock from Private Internet Access said in a blog post.
'Safari is more secure and privacy-friendly than Chrome, but Chrome is faster and offers enhanced performance.'