The convenience of AirPlay on Apple devices is hard to beat, but as much as the sentiment applies to the average user, it also applies to cyber criminals. A substantial list of bugs, when exploited together, allows the tech to be used to spread malware, which can then spread further via WiFi.
Cybersecurity company Oligo has dubbed the exploit chain AirBorne; it involves critical flaws in the native AirPlay Protocol and SDK. It is noted to be particularly dangerous due to its “wormable” nature, or the ability to automatically spread between devices on the same network without user interaction. This allows hackers to take control of macOS systems that accept AirPlay connections, and the malware can then be spread further via a public WiFi network, for example.
Of course, because AirBorne spreads via AirPlay, it’s not just Macs, nor even just Apple products for that matter, that are vulnerable. Even third-party speakers can end up being infected without warning, and can then be used to spy on their owners. This flavour of exploit also extends to Apple CarPlay units.
The researchers say that they’ve worked with Apple to patch these holes, and newer devices getting the recent updates would be safe from AirBorne. That being said, older devices that don’t get support anymore, or third-party devices that don’t push out updates as swiftly or often, may remain vulnerable.
(Source: Oligo)