Latest news with #AirBorne
Time of India
22-05-2025
- Time of India
Apple's AirPlay system may have major security flaws that can allow hackers to hijack devices, researchers claim
Image credit: Oligo Apple's popular AirPlay feature has been found to contain major security flaws that could leave users vulnerable to hackers, a report claims. Researchers at cybersecurity firm Oligo have discovered that these vulnerabilities could allow attackers to hijack compatible devices connected to the same Wi-Fi network. AirPlay is a protocol that enables users to stream audio, video, or photos seamlessly from their Apple devices to other Apple devices or third-party gadgets that integrate the technology. A total of 23 vulnerabilities, collectively named 'AirBorne,' were reportedly identified. These flaws were present in both Apple's own AirPlay protocol and the AirPlay Software Development Kit (SDK), which third-party vendors use to make their devices compatible. Researchers share a video to show how this security flaw can affect users In their video demonstration, the researchers showed how an attacker on the same network could exploit an AirPlay-enabled Bose speaker, launch a remote code execution (RCE) attack, and display the 'AirBorne' logo on its screen. They warned that a similar technique could feasibly be used to infiltrate any microphone-equipped device for espionage purposes. In a statement to Wired, Oligo CTO Gal Elbaz said that the number of potentially vulnerable devices could be in the millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched. And it's all because of vulnerabilities in one piece of software that affects everything,' Elbaz explained to Wired. Oligo also disclosed the vulnerabilities to Apple earlier and has been collaborating with the company for several months on patches before releasing their research to the public. Apple even issued updates addressing these issues in March for devices running iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4. However, third-party products that implement the AirPlay protocol are still at risk, as manufacturers have to distribute their firmware updates for users to install to close the exposure. Meanwhile, Apple told Wired that while it has created patches for these third-party devices, it stressed that there are 'limitations' to the attacks that would be possible on AirPlay-enabled devices due to the bugs. The researchers also noted that CarPlay-equipped systems remain at risk, since hackers can carry out an RCE attack if they are nearby and 'the device has a default, predictable, or known Wi-Fi hotspot password.'
Yahoo
21-05-2025
- Yahoo
Urgent warning to iPhone users: Turn off popular feature and take these steps for safety
Apple's AirPlay feature is beloved by many users — but it can leave you vulnerable to hackers. Researchers at cybersecurity firm Oligo found major security flaws in Apple AirPlay that allow hackers to hijack compatible devices on the same Wi-Fi network. AirPlay allows users to seamlessly stream audio, video or photos from their Apple device to another Apple device or third-party gadgets that integrate the protocol. The 23 vulnerabilities, dubbed 'AirBorne,' were found both in Apple's AirPlay protocol and the AirPlay Software Development Kit (SDK) used by third-party vendors to make devices AirPlay compatible, Wired reported. Researchers demonstrated in a video how vulnerabilities can be exposed to hackers by accessing an AirPlay-enabled Bose speaker on the same network and remotely executing a Remote Code Execution (RCE) attack, showing the 'AirBorne' logo on the speaker's display. They claimed that hackers realistically can use a similar strategy to gain access to devices with microphones for espionage. Oligo CTO Gal Elbaz told Wired that the total number of exposed devices could potentially be in the millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,' Elbaz explained. 'And it's all because of vulnerabilities in one piece of software that affects everything.' The risks were reported to Apple in the late fall and winter of last year, and Oligo worked with the tech giant for months on fixes before publishing their findings Tuesday. Apple devices with iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4 and visionOS 2.4 had fixes rolled out on March 31. However, third-party devices that support AirPlay protocol remain vulnerable. The researchers said that manufacturers would need to roll out updates for users to install themselves in order to avoid being exposed to hackers. Apple told Wired that it created patches available for these third-party devices, but it emphasized that there are 'limitations' to the attacks that would be possible on AirPlay-enabled devices due to the bugs. CarPlay-equipped systems are also at risk, the researchers noted, since hackers can carry out an RCE attack if they are near the unit and 'the device has a default, predictable, or known Wi-Fi hotspot password.' According to the report, there are several ways to help protect your device from the threat of hackers: Update your devices: Researchers stressed that devices and other machines that support AirPlay need to be updated immediately to the latest software versions to mitigate potential security risks. Disable AirPlay Receiver: Oligo recommends fully disabling the AirPlay feature when not in use. Only AirPlay to trusted devices: Limit AirPlay communication and stream content to only trusted devices. Restrict AirPlay Settings: Go to Settings > AirPlay & Continuity (or AirPlay & Handoff) and select Current User for the 'Allow AirPlay for' option. 'While this does not prevent all of the issues mentioned in the report, it does reduce the protocol's attack surface,' researchers noted. Disable on public Wi-Fi: It's best to avoid enabling or using AirPlay when on a public Wi-Fi network.
Yahoo
21-05-2025
- Yahoo
Urgent warning to iPhone users: Turn off popular feature and take these steps for safety
Apple's AirPlay feature is beloved by many users — but it can leave you vulnerable to hackers. Researchers at cybersecurity firm Oligo found major security flaws in Apple AirPlay that allow hackers to hijack compatible devices on the same Wi-Fi network. AirPlay allows users to seamlessly stream audio, video or photos from their Apple device to another Apple device or third-party gadgets that integrate the protocol. The 23 vulnerabilities, dubbed 'AirBorne,' were found both in Apple's AirPlay protocol and the AirPlay Software Development Kit (SDK) used by third-party vendors to make devices AirPlay compatible, Wired reported. Researchers demonstrated in a video how vulnerabilities can be exposed to hackers by accessing an AirPlay-enabled Bose speaker on the same network and remotely executing a Remote Code Execution (RCE) attack, showing the 'AirBorne' logo on the speaker's display. They claimed that hackers realistically can use a similar strategy to gain access to devices with microphones for espionage. Oligo CTO Gal Elbaz told Wired that the total number of exposed devices could potentially be in the millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,' Elbaz explained. 'And it's all because of vulnerabilities in one piece of software that affects everything.' The risks were reported to Apple in the late fall and winter of last year, and Oligo worked with the tech giant for months on fixes before publishing their findings Tuesday. Apple devices with iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4 and visionOS 2.4 had fixes rolled out on March 31. However, third-party devices that support AirPlay protocol remain vulnerable. The researchers said that manufacturers would need to roll out updates for users to install themselves in order to avoid being exposed to hackers. Apple told Wired that it created patches available for these third-party devices, but it emphasized that there are 'limitations' to the attacks that would be possible on AirPlay-enabled devices due to the bugs. CarPlay-equipped systems are also at risk, the researchers noted, since hackers can carry out an RCE attack if they are near the unit and 'the device has a default, predictable, or known Wi-Fi hotspot password.' According to the report, there are several ways to help protect your device from the threat of hackers: Update your devices: Researchers stressed that devices and other machines that support AirPlay need to be updated immediately to the latest software versions to mitigate potential security risks. Disable AirPlay Receiver: Oligo recommends fully disabling the AirPlay feature when not in use. Only AirPlay to trusted devices: Limit AirPlay communication and stream content to only trusted devices. Restrict AirPlay Settings: Go to Settings > AirPlay & Continuity (or AirPlay & Handoff) and select Current User for the 'Allow AirPlay for' option. 'While this does not prevent all of the issues mentioned in the report, it does reduce the protocol's attack surface,' researchers noted. Disable on public Wi-Fi: It's best to avoid enabling or using AirPlay when on a public Wi-Fi network.
Dublin Live
21-05-2025
- Dublin Live
iPhone owners given 'important' advice to check their settings immediately
Our community members are treated to special offers, promotions and adverts from us and our partners. You can check out at any time. More info All Apple users must pay attention and make sure they update all of their devices without delay. This latest alert has been raised after security experts at Oligo discovered a number of flaws within Apple's AirPlay technology that could allows hackers to infect phones, tablets and laptops with worrying malware. The attack has been branded "AirBorne" and it's not something anyone should ignore. "The vulnerabilities and the attack vectors they enable have been named "AirBorne" by Oligo Security researchers, as the attacks that they make possible are transmitted via wireless networks or peer–to-peer connections, and allow attackers to fully take over devices and use that access as a launchpad for further exploitation," the Oligo team explained. For those not aware, Apple's AirPlay system allows content to beamed to speakers and TVs wirelessly using Wi-Fi. However, it appears that this wire-free connectivity has also given cyber crooks a way to infect devices. Luckily, Apple has now fixed all of the bugs but it's vital that all users make sure their iPhones, iPads and MacBooks are fully updated with the very latest software. "Researchers have discovered a series of major security flaws in Apple AirPlay," Alanna Titterington from Kaspersky explained. "They've dubbed this family of vulnerabilities – and the potential exploits based on them – "AirBorne". The bugs can be leveraged individually or in combinations to carry out wireless attacks on a wide range of AirPlay-enabled hardware. "The most important thing you can do to protect yourself from AirBorne attacks is to update all your AirPlay-enabled devices." To make sure you are fully up to date, simply head to your Settings, then tap General and Software Update. Your device will show what downloads are impending or if your device is running the latest software. Although this latest attack sounds worrying you will be safe if you have the latest updates from Apple. It's also worth noting that a hack can only take place if the cyber crook is on the same Wi-Fi network which makes it very unlikely consumers will be affected. The only time Apple users might need to be alert is when using a public Wi-Fi network. "To pull off the attack, the adversary needs to be on the same network as the victim, which is realistic if, for example, the victim is connected to public Wi-Fi," Titterington added. For those still concerned, there are some other ways to avoid the issue. This includes disabling the AirPlay receiver if it is not in use., restrict AirPlay access and change the setting to "Allow AirPlay for" to "Current User". Join our Dublin Live breaking news service on WhatsApp. Click this link to receive your daily dose of Dublin Live content. We also treat our community members to special offers, promotions, and adverts from us and our partners. If you don't like our community, you can check out any time you like. If you're curious, you can read our Privacy Notice. For all the latest news from Dublin and surrounding areas visit our homepage.
NDTV
20-05-2025
- NDTV
Apple Warns iPhone Users, Advises Them To Urgently Turn Off This Feature
Apple has urged millions of its users to update their devices after serious security vulnerabilities were reported in iPhones. The users have been urged to switch off the AirPlay feature due to what has been dubbed the "AirBorne" security flaw. AirPlay is a feature that allows iPhone users to stream audio and video from their phone onto other smart devices such as TVs. Tel Aviv-based cybersecurity firm Oligo discovered the major security risks associated with the feature that allows hackers to hijack compatible devices on the same Wi-Fi network, according to a report in New York Post. "Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch or they will never be patched," Oligo CTO Gal Elbaz explained. "And it's all because of vulnerabilities in one piece of software that affects everything." As many as 23 vulnerabilities were reported, both in Apple's AirPlay protocol and the AirPlay Software Development Kit (SDK) used by third-party vendors to make devices AirPlay compatible. Once hackers have a way in, they can execute zero-click attacks, which include remotely hacking devices, deploying malware and stealing data without the user ever being on their phone. To stay safe, users are being told to disable AirPlay receivers in device settings and restrict access to 'Current User'. Installing security software on Apple devices can also reduce risks from AirPlay's constant background broadcasting. Previous instance This is not the first instance in recent weeks that Apple has urged its customers to update their devices fearing security breaches. In February, Apple said it had been targeted by "extremely sophisticated" attacks where the USB Restricted Mode might be disabled on a locked device. "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the iPhone maker said. Notably, Apple's Restricted Mode is a security feature added almost seven years ago in iOS 11.4.1 and included in all later versions of iOS. It prevents locked devices from leaking data to any accessories connected to the USB-C or Lightning port.
