iPhone users have been hit with a serious cybersecurity warning after researchers uncovered a major flaw in one of Apple’s most widely used features, AirPlay.
Cybersecurity firm Oligo Security has revealed 23 separate vulnerabilities in Apple’s AirPlay system that could let hackers remotely take control of your device, even without touching it.
Used by millions to stream content from iPhones to TVs and speakers, AirPlay has now been branded a potential security threat, with the attack method being ominously named "AirBorne."
Advert
The researchers said two of the bugs were particularly dangerous, allowing attackers to weaponise iPhones on the same Wi-Fi network and “do things like deploy malware that spreads to devices on any local network the infected device connects to.”
If that doesn't sound scarily intrusive enough, the team also warned that the flaws can be used to steal personal data, listen in on conversations, cause devices to crash, or even “fully take over devices” through a wireless connection.
“Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,” said Oligo's Elbaz. “And it’s all because of vulnerabilities in one piece of software that affects everything.”
While Apple has already issued patches for iPhones, iPads, Macs and the Apple Vision Pro in an update rolled out on March 31, there's a massive catch. That is the fact that millions of third-party AirPlay-enabled devices remain unprotected unless manufacturers issue their own updates.
According to Oligo, the number of at-risk devices could be in the tens of millions, meaning even if your Apple gadgets are up to date, you could still be exposed via another connected device.
An Apple spokesperson downplayed the risk, telling DailyMail.com that the flaws can only be exploited if the hacker is on the same Wi-Fi network. But Oligo warned that this still presents a major problem, especially in public or shared networks.
Worse still, some of the other vulnerabilities discovered allow hackers to remotely execute malicious code, improperly access sensitive data, or bypass critical security checks.
To protect yourself, experts recommend two key steps. The first is to simply install the latest software updates on all Apple devices, so you’ve got the newest version of implemented protections available.
The second is to disable AirPlay completely if you don’t use it regularly. You can do this by selecting “Settings”, “General”, “AirPlay & Continuity”, “Automatically AirPlay”, and finally “Never”.
When AirPlay is on, your device is constantly listening for signals in the background, creating what Oligo describes as a larger “attack surface” for hackers to exploit.
If you’ve got any third-party smart TVs, speakers, or accessories using AirPlay, check with the manufacturer for firmware updates; otherwise, they may remain vulnerable indefinitely.