How to protect our Apple devices from “zero-click” attacks: they take place without the user doing anything, only by sharing the same Wi-Fi network with the attacker.
For a few weeks, millions of Apple devices have been exposed to a new, dangerous vulnerability called “Airborne”. It is a type of security bellies in the Airplay protocol, the system that allows iPhone, iPad, Mac and Apple TV to send streaming audio and video to other devices, also in wireless mode. The problem is that some of these vulnerabilities have been classified as “Zero-Click”: in simple words, an attack can take place without the user doing anything, simply by sharing the same Wi-Fi network with the attacker.
The experts of the company Oligo Security have identified well 23 problemsof which 17 already officially registered with CVE code (Common Vulnerability and Exposures), and at least two so important as to allow chain attacksable to spread automatically from one device to another. A sort of “Digital Worm “.
Invisible attacks. The main threat concerns the exploits (i.e. a technique for violate the system using an error in the code) defined as “Zero-Click Wormable”: just find yourself on a shared network (like a public Wi-Fi in the hotel or at the airport) to allow a hacker to infiltrate our device, if Airplay is active and set to receive “anyone on the same network”. From there, the intrusion can replicate and spread to other vulnerable devices connected later, even at home or in the office.
The researchers have shown that This type of attack works not only on Macbut also on smart speakers and even on Carplay systems Installed in cars: in the worst cases, the evil code can activate the audio, view images, listen to conversations or even follow the position of the vehicle. The risk does not concern only privacy: in some cases, the malfunction of the systems could cause distractions to the driver and put road safety at risk.
Widespread technology. Airplay It is one of the most present software of the Apple ecosystem. Born to convey music from iTunes to the old Airport Express routers, today is integrated in iPhone, iPad, Mac, Apple TV, Smart Speaker, Carplay, third -party televisions and audio systems.
With the introduction of these receivers on MacOS in 2021 and subsequently also on iOS and iPados, the land for a possible attack have enlarged enormously. Means that Many more devices can be used not only to receive content, but also – potentially – as a door to the entrance for computer attacks.
How to defend yourself. To protect yourself from airborne the first rule is simple: immediately update all devices.
Apple has released corrective patches for iOS (version 18.4 or later), macOS (Sequoia 15.4, Sonoma 14.7.5, Ventura 13.7.5), iPados, Tvos and even Visionos. If updates cannot be made, it is recommended deactivate the Airplay receiver when you don’t need And Set the “Allow Airplay from” on “current user” option. This does not completely eliminate the risk, but makes it much more difficult to exploit. Finally, it is useful to install a reliable security solution: on the other hand, the belief that Apple devices are immune to malware has now been widely overcome.
