CarPlay

The Automotive Security Blind Spot: Lessons from the CarPlay Supply Chain


Executive Summary

The recent CarPlay AirPlay vulnerability (CVE-2025-24132) reveals a systemic flaw in automotive security: the industry's lack of visibility into, and control over, third-party software components. The incident shows how a single vulnerability in a supplier's code can create risk across multiple OEMs at once, highlighting the need for software supply chain transparency and collaborative security practices.

AirBorne: Wormable Zero-Click Exploitation of AirPlay Protocol Threatens CarPlay Ecosystems


Abstract

Oligo Security has identified 23 vulnerabilities, 17 of them with assigned CVEs, in Apple's AirPlay protocol and AirPlay SDK. They affect native Apple devices as well as third-party implementations, including CarPlay-enabled automotive infotainment systems. Two critical vulnerabilities, CVE-2025-24132 (stack-based buffer overflow) and CVE-2025-24252 (use-after-free), permit wormable zero-click remote code execution (RCE) under certain configurations.
