AirBorne: Wormable Zero-Click RCE in Apple AirPlay (Oligo Security)

Mise à jour sur la pétitionEncourage Apple to resume firmware updates for Airport Express (security, environment)AirBorne: Wormable Zero-Click RCE in Apple AirPlay (Oligo Security)

Gary LongsineMissoula, MT, États-Unis

30 avr. 2025

The original blog post from the security researchers at oligo can be found here:

Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk (oligo)

The vulnerabilities enable an array of attack vectors and outcomes, including:

Zero-Click RCE
One-Click RCE
Access control list (ACL) and user interaction bypass
Local Arbitrary File Read
Sensitive information disclosure
Man-in-the-middle (MITM) attacks
Denial of service (DoS)
These vulnerabilities can be chained by attackers to potentially take control of devices that support AirPlay – including both Apple devices and third-party devices that leverage the AirPlay SDK.
-- end quote --

Soutenir maintenant

Signez cette pétition

Copier le lien

Facebook

E-mail

illumineX shared this petition on BlueSky

The AirBorne Defects in Apple's AirPlay SDK Should Be a Wake-Up Call for the Industry