Latest news with #Elbaz
Time of India
22-05-2025
- Time of India
Apple's AirPlay system may have major security flaws that can allow hackers to hijack devices, researchers claim
Image credit: Oligo Apple's popular AirPlay feature has been found to contain major security flaws that could leave users vulnerable to hackers, a report claims. Researchers at cybersecurity firm Oligo have discovered that these vulnerabilities could allow attackers to hijack compatible devices connected to the same Wi-Fi network. AirPlay is a protocol that enables users to stream audio, video, or photos seamlessly from their Apple devices to other Apple devices or third-party gadgets that integrate the technology. A total of 23 vulnerabilities, collectively named 'AirBorne,' were reportedly identified. These flaws were present in both Apple's own AirPlay protocol and the AirPlay Software Development Kit (SDK), which third-party vendors use to make their devices compatible. Researchers share a video to show how this security flaw can affect users In their video demonstration, the researchers showed how an attacker on the same network could exploit an AirPlay-enabled Bose speaker, launch a remote code execution (RCE) attack, and display the 'AirBorne' logo on its screen. They warned that a similar technique could feasibly be used to infiltrate any microphone-equipped device for espionage purposes. In a statement to Wired, Oligo CTO Gal Elbaz said that the number of potentially vulnerable devices could be in the millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched. And it's all because of vulnerabilities in one piece of software that affects everything,' Elbaz explained to Wired. Oligo also disclosed the vulnerabilities to Apple earlier and has been collaborating with the company for several months on patches before releasing their research to the public. Apple even issued updates addressing these issues in March for devices running iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4. However, third-party products that implement the AirPlay protocol are still at risk, as manufacturers have to distribute their firmware updates for users to install to close the exposure. Meanwhile, Apple told Wired that while it has created patches for these third-party devices, it stressed that there are 'limitations' to the attacks that would be possible on AirPlay-enabled devices due to the bugs. The researchers also noted that CarPlay-equipped systems remain at risk, since hackers can carry out an RCE attack if they are nearby and 'the device has a default, predictable, or known Wi-Fi hotspot password.'
Yahoo
21-05-2025
- Yahoo
Urgent warning to iPhone users: Turn off popular feature and take these steps for safety
Apple's AirPlay feature is beloved by many users — but it can leave you vulnerable to hackers. Researchers at cybersecurity firm Oligo found major security flaws in Apple AirPlay that allow hackers to hijack compatible devices on the same Wi-Fi network. AirPlay allows users to seamlessly stream audio, video or photos from their Apple device to another Apple device or third-party gadgets that integrate the protocol. The 23 vulnerabilities, dubbed 'AirBorne,' were found both in Apple's AirPlay protocol and the AirPlay Software Development Kit (SDK) used by third-party vendors to make devices AirPlay compatible, Wired reported. Researchers demonstrated in a video how vulnerabilities can be exposed to hackers by accessing an AirPlay-enabled Bose speaker on the same network and remotely executing a Remote Code Execution (RCE) attack, showing the 'AirBorne' logo on the speaker's display. They claimed that hackers realistically can use a similar strategy to gain access to devices with microphones for espionage. Oligo CTO Gal Elbaz told Wired that the total number of exposed devices could potentially be in the millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,' Elbaz explained. 'And it's all because of vulnerabilities in one piece of software that affects everything.' The risks were reported to Apple in the late fall and winter of last year, and Oligo worked with the tech giant for months on fixes before publishing their findings Tuesday. Apple devices with iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4 and visionOS 2.4 had fixes rolled out on March 31. However, third-party devices that support AirPlay protocol remain vulnerable. The researchers said that manufacturers would need to roll out updates for users to install themselves in order to avoid being exposed to hackers. Apple told Wired that it created patches available for these third-party devices, but it emphasized that there are 'limitations' to the attacks that would be possible on AirPlay-enabled devices due to the bugs. CarPlay-equipped systems are also at risk, the researchers noted, since hackers can carry out an RCE attack if they are near the unit and 'the device has a default, predictable, or known Wi-Fi hotspot password.' According to the report, there are several ways to help protect your device from the threat of hackers: Update your devices: Researchers stressed that devices and other machines that support AirPlay need to be updated immediately to the latest software versions to mitigate potential security risks. Disable AirPlay Receiver: Oligo recommends fully disabling the AirPlay feature when not in use. Only AirPlay to trusted devices: Limit AirPlay communication and stream content to only trusted devices. Restrict AirPlay Settings: Go to Settings > AirPlay & Continuity (or AirPlay & Handoff) and select Current User for the 'Allow AirPlay for' option. 'While this does not prevent all of the issues mentioned in the report, it does reduce the protocol's attack surface,' researchers noted. Disable on public Wi-Fi: It's best to avoid enabling or using AirPlay when on a public Wi-Fi network.
Yahoo
21-05-2025
- Yahoo
Urgent warning to iPhone users: Turn off popular feature and take these steps for safety
Apple's AirPlay feature is beloved by many users — but it can leave you vulnerable to hackers. Researchers at cybersecurity firm Oligo found major security flaws in Apple AirPlay that allow hackers to hijack compatible devices on the same Wi-Fi network. AirPlay allows users to seamlessly stream audio, video or photos from their Apple device to another Apple device or third-party gadgets that integrate the protocol. The 23 vulnerabilities, dubbed 'AirBorne,' were found both in Apple's AirPlay protocol and the AirPlay Software Development Kit (SDK) used by third-party vendors to make devices AirPlay compatible, Wired reported. Researchers demonstrated in a video how vulnerabilities can be exposed to hackers by accessing an AirPlay-enabled Bose speaker on the same network and remotely executing a Remote Code Execution (RCE) attack, showing the 'AirBorne' logo on the speaker's display. They claimed that hackers realistically can use a similar strategy to gain access to devices with microphones for espionage. Oligo CTO Gal Elbaz told Wired that the total number of exposed devices could potentially be in the millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,' Elbaz explained. 'And it's all because of vulnerabilities in one piece of software that affects everything.' The risks were reported to Apple in the late fall and winter of last year, and Oligo worked with the tech giant for months on fixes before publishing their findings Tuesday. Apple devices with iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4 and visionOS 2.4 had fixes rolled out on March 31. However, third-party devices that support AirPlay protocol remain vulnerable. The researchers said that manufacturers would need to roll out updates for users to install themselves in order to avoid being exposed to hackers. Apple told Wired that it created patches available for these third-party devices, but it emphasized that there are 'limitations' to the attacks that would be possible on AirPlay-enabled devices due to the bugs. CarPlay-equipped systems are also at risk, the researchers noted, since hackers can carry out an RCE attack if they are near the unit and 'the device has a default, predictable, or known Wi-Fi hotspot password.' According to the report, there are several ways to help protect your device from the threat of hackers: Update your devices: Researchers stressed that devices and other machines that support AirPlay need to be updated immediately to the latest software versions to mitigate potential security risks. Disable AirPlay Receiver: Oligo recommends fully disabling the AirPlay feature when not in use. Only AirPlay to trusted devices: Limit AirPlay communication and stream content to only trusted devices. Restrict AirPlay Settings: Go to Settings > AirPlay & Continuity (or AirPlay & Handoff) and select Current User for the 'Allow AirPlay for' option. 'While this does not prevent all of the issues mentioned in the report, it does reduce the protocol's attack surface,' researchers noted. Disable on public Wi-Fi: It's best to avoid enabling or using AirPlay when on a public Wi-Fi network.
New York Post
20-05-2025
- New York Post
Urgent warning to iPhone users — turn off popular feature and take these steps for safety
Apple's AirPlay feature is beloved by many users — but it can leave you vulnerable to hackers. Researchers at cybersecurity firm Oligo found major security flaws in Apple AirPlay that allow hackers to hijack compatible devices on the same Wi-Fi network. AirPlay allows users to seamlessly stream audio, video or photos from their Apple device to another Apple device or third-party gadgets that integrate the protocol. The 23 vulnerabilities, dubbed 'AirBorne,' were found both in Apple's AirPlay protocol and the AirPlay Software Development Kit (SDK) used by third-party vendors to make devices AirPlay compatible, Wired reported. Researchers demonstrated in a video how vulnerabilities can be exposed to hackers by accessing an AirPlay-enabled Bose speaker on the same network and remotely executing a Remote Code Execution (RCE) attack, showing the 'AirBorne' logo on the speaker's display. They claimed that hackers realistically can use a similar strategy to gain access to devices with microphones for espionage. Oligo CTO Gal Elbaz told Wired that the total number of exposed devices could potentially be in the millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,' Elbaz explained. 'And it's all because of vulnerabilities in one piece of software that affects everything.' Oligo CTO Gal Elbaz told Wired that the total number of exposed devices could potentially be in the millions. Gorodenkoff – The risks were reported to Apple in the late fall and winter of last year, and Oligo worked with the tech giant for months on fixes before publishing their findings Tuesday. Apple devices with iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4 and visionOS 2.4 had fixes rolled out on March 31. However, third-party devices that support AirPlay protocol remain vulnerable. The researchers said that manufacturers would need to roll out updates for users to install themselves in order to avoid being exposed to hackers. AirPlay allows users to seamlessly stream audio, video or photos from their Apple device to another device. DenPhoto – Apple told Wired that it created patches available for these third-party devices, but it emphasized that there are 'limitations' to the attacks that would be possible on AirPlay-enabled devices due to the bugs. CarPlay-equipped systems are also at risk, the researchers noted, since hackers can carry out an RCE attack if they are near the unit and 'the device has a default, predictable, or known Wi-Fi hotspot password.' According to the report, there are several ways to help protect your device from the threat of hackers: Update your devices: Researchers stressed that devices and other machines that support AirPlay need to be updated immediately to the latest software versions to mitigate potential security risks. Researchers stressed that devices and other machines that support AirPlay need to be updated immediately to the latest software versions to mitigate potential security risks. Disable AirPlay Receiver: Oligo recommends fully disabling the AirPlay feature when not in use. Oligo recommends fully disabling the AirPlay feature when not in use. Only AirPlay to trusted devices: Limit AirPlay communication and stream content to only trusted devices. Limit AirPlay communication and stream content to only trusted devices. Restrict AirPlay Settings: Go to Settings > AirPlay & Continuity (or AirPlay & Handoff) and select Current User for the 'Allow AirPlay for' option. 'While this does not prevent all of the issues mentioned in the report, it does reduce the protocol's attack surface,' researchers noted. Go to Settings > AirPlay & Continuity (or AirPlay & Handoff) and select Current User for the 'Allow AirPlay for' option. 'While this does not prevent all of the issues mentioned in the report, it does reduce the protocol's attack surface,' researchers noted. Disable on public Wi-Fi: It's best to avoid enabling or using AirPlay when on a public Wi-Fi network.
Yahoo
03-05-2025
- Yahoo
Billions of iPhone users at risk of dangerous malware attack — warning issued on newly found flaw
Apple users are being urged to update their devices ASAP after cyber sleuths uncovered a major flaw that could let hackers get into their gadgets. What's being called 'AirBorne' allows hackers to deploy malware, snoop on your private data, or even eavesdrop on your conversations when connected to the same Wi-Fi network as your devices, which includes public places like airports, coffee shops, or even your work office. To keep hackers out, users are advised to update all devices to the latest software, especially those connected to AirPlay. It's also recommended to disable the AirPlay feature altogether if not in use because it serves as an access point for hackers to possibly take control of your device. Even worse? Devices you're not actively using — like that Bluetooth speaker collecting dust — could be another gateway for hackers. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,' Gal Elbaz, chief technology officer and co-founder of Tel Aviv-based cybersecurity firm Oligo, told Wired. 'And it's all because of vulnerabilities in one piece of software that affects everything.' The flaws — 23 of them, to be exact — were found in Apple's AirPlay protocol and software development kit (SDK), which lets users beam photos, music and video between devices. While Apple has released security updates to fix the flaw in their devices, millions of third-party gadgets — from smart TVs to set-top boxes and car systems — may still be sitting ducks if their manufacturers haven't patched them. That means even if your iPhone is fully up to date, a connected speaker or TV could act as a backdoor — and hackers love backdoors. 'If a hacker can get on the same network as one of these devices, they can gain control and use it as a stepping stone to reach everything else,' warned Elbaz. Cybersecurity expert Patrick Wardle, CEO of Apple-focused security firm DoubleYou, also noted to the outlet that these third-party time bombs are often neglected by users — and by the companies that made them. 'When third-party manufacturers integrate Apple technologies like AirPlay via an SDK, obviously Apple no longer has direct control over the hardware or the patching process,' Wardle said. As a result, he explained, if third-party vendors drag their feet — or skip updates entirely — it could leave users exposed and might chip away at consumer trust in the entire 'Apple ecosystem.'
