Multiple Vulnerabilities in Apple AirPlay Protocol and Software Development Kit
30 April 2025
Apple has released security updates addressing multiple vulnerabilities in their AirPlay Protocol and Software Development Kit (SDK). Users and administrators of affected products are advised to update to the latest versions immediately.
Apple has released security updates addressing multiple vulnerabilities (CVE-2025-24252, CVE-2025-24206 and CVE-2025-24132) in their AirPlay Protocol and Software Development Kit (SDK).
The vulnerabilities are:
- CVE-2025-24252: Successful exploitation of the use-after-free vulnerability could allow a remote attacker to execute arbitrary code. When exploited together with CVE-2025-24206, the attacker is able to perform zero-click remote code execution on other vulnerable AirPlay-enabled devices in the same network, without any user interaction. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.
- CVE-2025-24206: Successful exploitation of the vulnerability could allow an attacker to bypass authentication and conduct malicious activities without user interaction when exploited with other vulnerabilities.
- CVE-2025-24132: Successful exploitation of the stack-based buffer overflow vulnerability could allow an attacker to perform zero-click remote code execution on vulnerable AirPlay SDK devices and potentially leak sensitive information by eavesdropping.
The vulnerabilities affect the following products:
CVE-2025-24252 and CVE-2025-24206:
- iPhone XS and later
- iPad Pro 13-inch
- iPad Pro 12.9-inch 3rd generation and later
- iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 7th generation and later
- iPad mini 5th generation and later
- iPad Pro 12.9-inch 2nd generation
- iPad Pro 10.5-inch
- iPad 6th generation
- macOS Sequoia
- macOS Sonoma
- macOS Ventura
- Apple TV HD and Apple TV 4K (all models)
- Apple Vision Pro

CVE-2025-24132:
- AirPlay audio SDK 2.7.1
- AirPlay video SDK 3.6.0.126
- CarPlay Communication Plug-in R18.1
Users and administrators of affected products are advised to update to the latest versions. The following mitigations are also encouraged:
- Disable the AirPlay receiver entirely if it is not in use.
- Restrict AirPlay settings by changing "Allow AirPlay for" to "Current User" to reduce the attack surface.
Users are also advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates.
More information is available here:
https://nvd.nist.gov/vuln/detail/CVE-2025-24252
https://www.oligo.security/blog/airborne