CVE-2025-24132

Published Apr 30, 2025

Last updated 5 days ago

CVSS medium 6.5
Apple
AirPlay SDK

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24132 is a stack-based buffer overflow vulnerability in Apple's AirPlay SDK. Successful exploitation could allow an attacker on the local network to achieve zero-click remote code execution on vulnerable AirPlay SDK devices. It can also potentially lead to sensitive information disclosure through eavesdropping on devices with microphones. The vulnerability can be triggered by sending malformed pairing packets over TCP port 7000. It affects the AirPlay audio SDK, the AirPlay video SDK, and the CarPlay Communication Plug-in. Updates addressing this issue have been released in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1.

Description
The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.
Source
product-security@apple.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-119

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. ⚠️Multiple vulnerabilities in Apple Airplay ❗CVE-2025-24252 ❗CVE-2025-24206 ❗CVE-2025-24132 ➡️More info: https://t.co/GqX38xPu62 https://t.co/RMDZFb8Xwf

    @CERTpy

    6 May 2025

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Critical AirPlay vulnerabilities (CVE-2025-24252, CVE-2025-24132) allow zero-click RCE over local Wi-Fi, affecting Apple devices & third-party receivers. Wormable exploit could spread autonomously across networks. Actions: •Update to latest OS versions •Restrict AirPla

    @redfoxsec

    6 May 2025

    83 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. New Apple exploit dropped. CVE-2025-24252 + CVE-2025-24132 = silent RCE Check em out if you like this shit

    @_0xHuCk

    5 May 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Zero-click. Wormable. Network-spreading. New flaws in Apple’s AirPlay protocol (🔓 AirBorne) could let hackers hijack your device without a click—then ride your Wi-Fi into corporate networks. CVE-2025-24252 + CVE-2025-24132 = silent RCE across Macs, TVs, speakers. Ju

    @TheHackersNews

    5 May 2025

    23878 Impressions

    97 Retweets

    226 Likes

    52 Bookmarks

    3 Replies

    7 Quotes

  5. CVE-2025-24132 The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.… https://t.co/K5jFepX0zW

    @CVEnew

    30 Apr 2025

    310 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. PoCs for CVE-2025-24252 and CVE-2025-24132. Discovered and detailed by Oligo Security. PoC by me of one of the many paths we can take to RCE. #hacker #cybersecurity #EthicalHacking https://t.co/mNk2urVdN3

    @anoncitylights

    30 Apr 2025

    38 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 📱AirPlay Zero-Click Flaws Expose Apple Devices 23 vulnerabilities, including critical RCE flaws (CVE-2025-24252, CVE-2025-24132), let attackers take control of Apple devices with no user interaction. Espionage, ransomware, and supply chain risk. https://t.co/RMhBfTwGYg #Appl

    @dCypherIO

    30 Apr 2025

    52 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. The group of vulnerabilities in Apple's AirPlay known as "AirBorne" leads to zero-click remote code execution. Reported by Oligo Security. Already fixed. 23 vulnerabilities were reported to Apple, and the combination of CVE-2025-24252 and CVE-2025-24132 is zero-click. CV

    @__kokumoto

    29 Apr 2025

    611 Impressions

    2 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes