A number of vulnerabilities have been discovered in Apple's AirPlay protocol and software development kit that can act as an entry point to infect other devices on a network. Although Apple has closed vulnerabilities with security updates released in the last few months, third-party devices that support AirPlay are still said to be unprotected.
Beware when connecting to public WiFi networks!
The AirPlay vulnerability, dubbed Airborne, allows attackers to take control of devices that support AirPlay to infect other devices with malware on any local device to which the infected device is connected. However, the attacker must be on the same Wi-Fi network as the intended victim.
Researchers at Oligo say the AirPlay vulnerability could lead to sophisticated attacks related to espionage, ransomware, supply chain attacks and more. The vulnerability can be used independently or chained together for “various possible attack vectors” such as Remote Code Execution, bypassing user interaction, Denial of Service attacks, Agent Attacks and more.
Don't set AirPlay as public!
Apple is rumored to be working with Oligo to identify and fix security vulnerabilities. Oligo has identified 23 separate vulnerabilities, which Apple has fixed. Apple has also distributed fixes for the AirPlay SDK for third-party manufacturers. So while Apple device users are strongly encouraged to upgrade to the latest version, other AirPlay-supported devices may still be vulnerable. Therefore, it is useful not to set AirPlay open to all users.
0 Comments: