Vulnerability Research

AirBorne: Wormable Zero-Click Exploitation of AirPlay Protocol Threatens CarPlay Ecosystems

Abstract: Oligo Security has identified 23 vulnerabilities (17 assigned CVEs) within Apple’s AirPlay protocol and AirPlay SDK, impacting native Apple devices and third-party implementations, including CarPlay-enabled automotive infotainment systems. Two critical vulnerabilities, CVE-2025-24132 (stack-based buffer overflow) and CVE-2025-24252 (use-after-free), permit wormable zero-click remote code execution (RCE) under certain configurations.
