Update Your Apple Devices Now to Protect Them From the New AirPlay Vulnerability

Posted on by

There’s a new Apple security problem in town, and this time it involves air travel. Or, well, that’s what security researchers call it. A number of security vulnerabilities are now affecting the AirPlay feature in Apple products, as well as the AirPlay SDK used in third-party gadgets such as TVs, speakers, receivers and more, cybersecurity firm Oligo reported Tuesday .

As reported by Wired , this vulnerability allows hackers to gain control of the AirPlay protocol to inject malware and gain control of affected devices. This is a zero-click attack, so it works even if you don’t click on anything.

AirPlay is a widely supported protocol and a popular way to share audio and video on Apple devices. Luckily, Oligo alerted Apple to the problem and spent months fixing it.

How does Airborne hijacking work?

The Airborne vulnerability only works on a local network, so the hijacker would have to be close to you and on the same network. This local network can be anywhere, such as your home, workplace, or an airport Wi-Fi network.

If the hacker is on your local network and if your AirPlay devices are discoverable, they are susceptible to a zero-click attack. This means that the hijacker can take control of your device without any action on your part. Alternatively, they may target your device with another type of attack, such as a Man-in-the-Middle (MITM) attack or a Denial of Service (DoS) attack.

On a Mac, this could allow a hijacker to take control and run malicious code on your computer.

On a connected device, such as a Bluetooth speaker, an attacker can also allow whatever they want to be played, or turn on the microphone to listen in on conversations. The video below shows security researchers seizing a Bose speaker.

What are your thoughts so far?

It’s time to update all your Apple devices

Apple has fixed the Airborne vulnerability in all of its latest software versions. This means it’s time to update your iPhone, iPad, Mac, Apple Watch and Apple Vision Pro to the latest software version available. You can do this by going to Settings > General > Software Update on an iPhone or iPad and System Settings > General > Software Update on a Mac.

What to do with third-party devices

Although Oligo is working closely with Apple to fix the vulnerability in its devices, the issue still remains on devices that support the AirPlay protocol, such as a TV or smart speaker, which are still affected by this issue. These devices, of which there are tens of millions in the wild, pose a real challenge because security researchers can’t work with every single company to solve the problem.

There’s not much you can do with third-party devices, but if you see an update from an AirPlay-enabled device in your home, be sure to install it.

How to Protect Yourself from AirPlay Hacks

Photo: Khamosh Pathak.

Yes, you have updated your official Apple devices, but as mentioned above, depending on your device, this may not be enough. While you can’t count on updating your speaker’s firmware, there are a few things you can do to reduce the likelihood of an attack.

  1. First, make sure you update all third-party devices that support AirPlay. This means your TV or your smart audio system.

  2. Then make sure AirPlay is turned off when you’re not actively using it. How to do this depends on your device, but to do it on a Mac, go to System Preferences > AirDrop & Handoff and turn off AirPlay Receiver .

  3. Use only approved devices to stream AirPlay content.

  4. Then limit AirPlay streaming to only you. On a Mac, this is located under Settings > General > AirDrop and Handoff . Go to this menu, then from the drop-down list next to Allow AirPlay for, select Current User .

  5. Most importantly, avoid playing content via AirPlay when you are on a public network or using any unknown network, such as in airports, cafes or hotels.

More…

Security

Leave a Reply