Urgent warning to iPhone users over Airplay feature
Hackers can hijack your iPhone , Mac, or even car through Apple's AirPlay, thanks to a devastating set of flaws dubbed 'AirBorne.' The team at Oligo Security discovered 23 vulnerabilities in AirPlay, which allows users to stream audio, video and photos from Apple devices to other smart devices. After discovering all those flaws, tech researchers revealed 17 different ways they could be exploited by hackers to remotely attack billions of devices that use wireless streaming technology.
The 17 issues represent different ways hackers can exploit AirPlay, each requiring specific software fixes to protect devices from threats like remote takeovers, data theft, or malware spreading across networks . The 'AirBorne' flaws allow zero-click attacks, where hackers can harm devices without any user action, such as a macOS exploit that secretly replaces the Apple Music app with malicious code. Apple patched its devices with security updates like iOS 18.4, macOS Sequoia 15.4, and tvOS 18.4 on March 31.
However, tens of millions of third-party AirPlay devices may remain vulnerable without timely manufacturer updates. To stay safe, disable AirPlay receivers in device settings and restrict access to 'Current User.' Installing security software on Apple devices further reduces risks from AirPlay's constant background broadcasting. With 1.8 billion iPhones and another 500 million AirPlay-compatible devices active globally, the threat of AirBorne's is massive, amplified by its ability to chain attacks across networks.
The team at Oligo Security found that two of the flaws allowed attackers to weaponize iPhones, allowing them to 'do things like deploy malware that spreads to devices on any local network the infected device connects to.' AirBorne also targets smart speakers and CarPlay-enabled car infotainment systems, allowing hackers to execute harmful actions without the user interacting with their device. The attacks can act like a network worm, automatically spreading to other devices on networks like public Wi-Fi, putting more systems at risk.
Combining updates, cautious settings, and security software is critical to thwart AirBorne's threats. An Apple spokesperson told DailyMail.com that attackers can only exploit these flaws if they are on the same Wi-Fi network as the device they are targeting. According to Oligo, however, some third-party devices that are compatible with AirPlay may still be vulnerable if their manufacturers do not provide timely updates. For third-party devices using AirPlay, cybersecurity experts have urged users to check with their manufacturers for software updates regularly.
'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,' Elbaz told Wired. 'And it's all because of vulnerabilities in one piece of software that affects everything.' So, even if your Apple devices are up-to-date, that doesn't mean they're totally protected from hackers who may exploit these AirPlay vulnerabilities. While not every Apple device worldwide is vulnerable AirBorne, Apple stated in January 2025 that there are 2.35 billion active Apple devices across the globe.
In 2018, Apple indicated that there were over 100 million active MacOS users globally. Oligo reported it tipped Apple off about the vulnerabilities last fall, which Apple did not take lightly and worked with the security firm to patch the flaw. The other vulnerabilities discovered allowed hackers to execute malicious code on a remote system from a remote location, potentially gaining unauthorized control. The team also uncovered a security mechanism that was not configured properly, along with a flaw that allowed cybercriminals to access and read sensitive data.
When AirPlay is turned on, your device is constantly broadcasting and listening for AirPlay signals in the background, even when you're not actively using the feature. Disabling the AirPlay feature stops the device from doing this, removing the 'attack surface' - the access points through which hackers can take control of your device. To disable AirPlay on your iPhone, open the Settings app and tap 'General,' then 'AirPlay & Continuity.' At the top of the menu, you will see a tab called 'Automatically AirPlay.' Tap that, then select the 'Never' option to turn the feature off.
Want more stories like this from the Daily Mail? Visit our profile page and hit the follow button above for more of the news you need.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Guardian
17 minutes ago
- The Guardian
Reddit sues AI company Anthropic for allegedly ‘scraping' user comments to train chatbot
Social media platform Reddit has sued the artificial intelligence company Anthropic, alleging that it is illegally 'scraping' the comments of Reddit users to train its chatbot Claude. Reddit claims that Anthropic has used automated bots to access the social network's content despite being asked not to do so, and 'intentionally trained on the personal data of Reddit users without ever requesting their consent'. Anthropic didn't immediately return a request for comment. The claim was filed on Wednesday in the superior court of California in San Francisco. 'AI companies should not be allowed to scrape information and content from people without clear limitations on how they can use that data,' said Ben Lee, Reddit's chief legal officer, in a statement on Wednesday. Sign up to TechScape A weekly dive in to how technology is shaping our lives after newsletter promotion Reddit has previously entered licensing agreements with Google, OpenAI and other companies to enable them to train their AI systems on Reddit commentary. The large quantity of text generated by Reddit's 100 million daily active users has played a part in the creation of many large language models, the type of AI that underpins ChatGPT, Claude and others. Those agreements 'enable us to enforce meaningful protections for our users, including the right to delete your content, user privacy protections, and preventing users from being spammed using this content', Lee said.
Reuters
35 minutes ago
- Reuters
Apple loses bid to pause app store reform order in Epic Games case
June 4 (Reuters) - Apple (AAPL.O), opens new tab has failed to persuade a U.S. appeals court to pause key parts of a federal judge's order requiring the iPhone maker to immediately open its lucrative App Store to more competition. The 9th U.S. Circuit Court of Appeals on Wednesday rejected Apple's request to put the provisions on hold as the tech giant appeals the judge's order, which came in a long-running antitrust lawsuit brought by 'Fortnite' maker Epic Games. U.S. District Judge Yvonne Gonzalez Rogers in April found Apple (AAPL.O), opens new tab in contempt of an earlier injunction order she issued in the Epic Games case. The judge on April 30 ordered Apple to end several practices that she said were designed to circumvent the injunction, including a new 27% fee Apple imposed on app developers when its customers complete an app purchase outside the App Store. The court also prohibited Apple from restricting where developers place links to make purchases outside of an app. In its emergency appeal, Apple said the ruling blocked the company from "exercising control over core aspects of its business operations" and forced it to give away free access to its services. Epic Games countered that Apple was trying to continue evading competition and collecting fees that the judge had barred. Apple has faced a "surge of genuine competition" since Gonzalez Rogers issued her April injunction, as developers updated apps with "better payment methods, better deals, and better consumer choice," Epic said. Epic Games sued Apple in 2020 to loosen its control over transactions in applications that use its iOS operating system and how apps are distributed to consumers. Apple mostly won the case, but Gonzalez Rogers in 2021 said Apple must allow developers to more easily steer consumers to potentially cheaper non-Apple payment options. Apple defied that court order to maintain a revenue stream worth billions of dollars, Gonzalez Rogers wrote in April. She also said Apple had misled the court about its efforts to comply with her injunction and referred the company and one of its executives to federal prosecutors for a possible criminal contempt investigation.
Auto Blog
2 hours ago
- Auto Blog
Faraday Makes Its Boldest Promises Yet, Including Beating Toyota
Going After The Biggest Players In The Game It's not that long ago that it seemed a new EV startup was popping up every week. Few of them survived, and fewer still seem to have any prospects of doing so much longer, but one that is hanging on is Faraday Future, and it's finally announcing (and teasing) new cars for us to speculate about. Right at the start, we should warn you that very little concrete information has been provided, but the few bits of the company's announcement that are specific are telling. The name of the new car is the FX 4 (part of the Faraday X sub-brand), and the company claims that it will be 'the disruptor of RAV4 in the AIEV era.' Going after Tesla and Toyota with one car? That's going to bring some challenges, but Faraday has others in the works for other uses, too. Previous Pause Next Unmute 0:00 / 0:10 Nissan's revolutionary self-driving tech hits Japan's streets Watch More What We Can Expect From The FX 4 Only one teaser image of the FX 4 was shared on the company's website, and nothing is yet being shown on its social media channels, but that won't remain the case for long. The company intends to unveil the new model's product plan in Q3 2025, with plans to start accepting pre-orders before the year is out. The company believes the FX 4 is the model 'with the greatest potential to become a true blockbuster and unlock the mainstream market within FX's current lineup.' That, in itself, is an admission that things haven't gone well with other products, an acknowledgement that for EVs to find success, they have to – at least for now – become much cheaper than something like the FF91, which can carry a base MSRP on the dark side of $300,000. A 2025 Toyota RAV4 costs a tenth of that in base spec ($29,250, excluding destination), and a 2025 Model Y starts less than 20 grand higher in its most expensive form. Faraday's current base offering, the FX 5, is already targeting a price between $20,000 and $30,000, so the FX 4 – expected to be smaller than the Model Y – could rival the cheapest cars in America if all promises are kept. But Wait, There's A Minivan Coming Too You might not have noticed it yet, but minivans are cool again. We're not the only ones saying it either; Road and Track recently spoke to Edmunds and found that, not only are the options improving, but more people are buying those options. Faraday, always with an eye on the future (ha), seems to have realized this some time ago, as it's also planning to bring the FX Super One minivan to market, teased above. That's one of the prototypes seen below. Another is the aforementioned FX 4, and a third is the FX 6, which is supposed to reach the market with a price tag between $30,000 and $50,000. The label on Faraday's site only specifically notes those three, and none of the cars in the image below reveal all their features, so we can't be sure of the last prototype. The fact that four vehicles have been displayed should indicate that significant progress on all of Faraday's projects is being made. We'll see what transpires with the FX 4 by the end of September and go from there, but the Tesla Model Y has consistently been a global best-seller, and Toyota's excellent RAV4 even outsold the beloved Ford F-150 last year, so it's as tall an order as they get. In addition, Toyota has new EVs of its own on the way. May the best automaker win.
