Oligo Security discovered 23 security defects were discovered in Apple’s Airplay protocol and its SDK. These vulnerabilities allowed for the propagation of zero-click exploits, which require no user input to execute. Given the involvement of the AirPlay SDK, third-party devices are also vulnerable. These “wormable exploits” also enable lateral attacks once a compromised machine connects to a common network. Apple has been working with Oligo to eliminate these “AirBorne” vulnerabilities, as they have been named.
