{"uuid": "3450751c-9104-4353-8ac2-5dc181934d30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24132", "type": "published-proof-of-concept", "source": "https://t.me/cIub1337/226", "content": "A critical set of vulnerabilities was uncovered in Apple\u2019s AirPlay protocol and its associated AirPlay Software Development Kit (SDK), which is used by third-party vendors to integrate AirPlay into third-party devices, collectively dubbed \u201cAirBorne.\u201d\n\nThe vulnerabilities enable an array of attack vectors and outcomes, including:\n- Zero-Click RCE\n- One-Click RCE\n- Access control list (ACL) and user interaction bypass\n- Local Arbitrary File Read\n- Sensitive information disclosure\n- Man-in-the-middle (MITM) attacks\n- Denial of service (DoS)\n\nNotably, two vulnerabilities\u2014CVE-2025-24252 and CVE-2025-24132\u2014can be exploited to execute wormable zero-click RCE attacks, allowing malware to spread across devices via wireless or peer-to-peer connections without user interaction.\n\nApply available security updates and consider disabling #AirPlay features when not in use to mitigate potential exploitation.\n\n#AirBorne\n\nhttps://www.oligo.security/blog/airborne\n\nTelegram   \u2709\ufe0f @club1337\nX (Twitter) \ud83d\udd4a @club31337", "creation_timestamp": "2025-04-30T17:00:51.000000Z"}