Black Hat USA 2025 | Wormable Zero-Click RCE in AirPlay Impacts Billions of Apple and IoT Devices

Описание: Since its introduction in 2010, AirPlay has transformed the way Apple users stream media. Today, it is integrated into a wide range of devices, including speakers, smart TVs, audio receivers and even automotive systems, making it a key part of the world's multimedia ecosystem.

In this session, we will share new details about AirBorne - a series of vulnerabilities within Apple's AirPlay protocol that can compromise Apple devices as well as AirPlay supported devices that use the AirPlay SDK. These attacks can be carried out over the network and on nearby devices, since AirPlay supports peer-to-peer connections.

Among the AirBorne class of vulnerabilities, there are multiple vulnerabilities that lead to remote code execution, access control bypass, privilege escalation and sensitive information disclosure. When chained together, the vulnerabilities allowed us to fully compromise a wide range of devices from Apple and other vendors.

In this talk, we'll demonstrate full exploits on three kinds of devices: MacBook, Bose speaker and a Pioneer CarPlay device. We will reveal, for the first time, the technical details of the Zero-Click RCE vulnerabilities impacting nearly every AirPlay-enabled device, including IoT devices that may take years to update and some that may never be patched.

By:
Gal Elbaz | Co-Founder & CTO, Oligo Security
Avi Lumelsky | AI Security Researcher, Oligo Security
Uri Katz | Senior Vulnerability Researcher, Oligo Security

Full Session Details Available at:
https://blackhat.com/us-25/briefings/...