If you use the AirPlay feature on your Apple devices, you shouldn’t miss this news. Security researchers at cybersecurity company Oligo have found major flaws in Apple’s AirPlay protocol that let cybercriminals hack compatible Apple and other devices on the same Wi-Fi network.

Major security flaws within the Apple AirPlay protocol expose millions of compatible devices to hackers

AirPlay is a wireless streaming protocol that allows Apple users to cast audio and video to multiple devices. Oligo’s researchers spotted security flaws, what they call “AirBorne,” in both Apple’s AirPlay protocol and the AirPlay Software Development Kit (SDK).

If you use CarPlay, it isn’t safe either. The Oligo’s report details that hackers can attempt an RCE attack when they are near the CarPlay unit. If the device has “a default, predictable, or known Wi-Fi hotspot password,” you are at major risk of being hacked. Speaking with Wired, Oligo CTO Gal Elbaz said that the number of devices exposed could be in the millions.

In a video, researchers also detailed how hackers can expose the security flaw within Apple AirPlay. They remotely executed an RCE attack on an AirPlay-enabled Bose speaker to display the “AirBorne” logo on the speaker’s display. The researchers further claim that hackers could use the same tactic to gain access to microphone-enabled devices to spy on you.

Oligo reportedly worked with Apple to fix 23 security AirPlay flaws after reporting them in the late fall and winter of last year. Apple rolled out those fixes on March 31 with the release of iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4. Unfortunately, third-party devices supporting the AirPlay protocol remain exposed.

How do you stay safe?

If you are worried about the Apple AirPlay security flaw, the tech giant wants you to do a few things. If you use an AirPlay-enabled Apple device, make sure to update it to the latest version available. Next, don’t forget to turn off the AirPlay feature when you’re not using it. Lastly, you should only stream content using AirPlay on trusted devices. As a preventive measure, we also recommend that you keep AirPlay disabled when you’re using public Wi-Fi.