Another day, another hacker trying to steal your data. Researchers at Oligo Security reveal that flaws are being exploited to hijack Apple mobile devices and smart home gear. This new set of vulnerabilities found by hackers can attack and exploit Apple’s AirPlay Protocol and the AirPlay SDK.
The vulnerabilities can enable an array of attack vectors and outcomes, as revealed by Oligo:
- Zero-Click RCE
- One-Click RCE
- Access control list (ACL) and user interaction bypass
- Local Arbitrary File Read
- Sensitive information disclosure
- Man-in-the-middle (MITM) attacks
- Denial of service (DoS)
Two vulnerabilities allow hackers to attack and take over specific AirPlay-enabled devices and deploy malware to infect your local network and connected devices. The researchers highlight other possible sophisticated attacks related to “espionage, ransomware, supply-chain attacks, and more.”
While Apple and Oligo have worked to identify and address the vulnerability to protect users, Cupertino cannot do much about third-party AirPlay-enabled accessories.
For Apple users, the recommendation is to update their devices as soon as possible to the latest software versions, including iPhone, iPad, Mac, Apple Vision Pro, and Apple TV.
However, older AirPlay-enabled devices might never get a proper update to avoid those hacker attacks. So, users must buy newer AirPlay accessories that are likely to feature fewer vulnerabilities or avoid some basic stuff.
For example, never connecting to a public Wi-Fi is the easiest way to avoid these Airborne vulnerabilities. After all, hackers must be on the same Wi-Fi connection as you to attack your AirPlay device.
Still, while people don’t usually connect to airports’ Wi-Fi, hackers can take advantage of hotels, cafes, and other crowded locations’ Wi-Fi offerings. Oligo also mentions that vendors exchange Wi-Fi credentials using the IAP2 protocol so that hackers could intercept the process during pairing.
That said, don’t forget to keep your Apple AirPlay devices up-to-date and never connect your smart home gear, especially older devices, to public Wi-Fi networks. Using a VPN can also help you protect your iPhone.
