Mashable, May 3, 02:44
If you use Apple AirPlay, you need to update your device and take these steps

 

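Cybersecurity researchers have found 23 security vulnerabilities in Apple AirPlay, collectively called "AirBorne." These vulnerabilities may affect Apple devices and third-party devices, allowing attackers to take control of devices, deploy malware, or steal sensitive information. Apple has released more than a dozen fixes to address them. Users should update their devices to the latest versions of macOS, iOS, and iPadOS as soon as possible, disable the AirPlay receiver when it is not in use, restrict AirPlay access to trusted devices, and change "Allow AirPlay for" in the AirPlay settings to "Current User" to reduce the potential security risk.

⚠️ The AirPlay "AirBorne" vulnerabilities have a broad impact: attackers can use them to control devices remotely, perform malicious actions, and even steal users' private data, which poses a serious threat to users.

🛡️ Apple has released fixes for multiple CVEs, including CVE-2025-24252 and CVE-2025-24206, covering several operating system versions such as macOS Sequoia 15.4, tvOS 18.4, and macOS Ventura 13.7.5. Users should update promptly.

⚙️ Beyond updating the system, users should take further security measures, such as disabling the AirPlay receiver when it is not in use, restricting AirPlay access, and setting "Allow AirPlay for" to "Current User," to strengthen device security.

🚨 The "AirBorne" vulnerabilities affect not only Apple devices but may also reach third-party devices connected to AirPlay, including smart Internet of Things devices. These devices also face security risks and need close attention from users.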

This week, cybersecurity researchers with Oligo say they identified 23 vulnerabilities related to Apple AirPlay, leading Apple to issue over a dozen fixes.

Dubbed "AirBorne" by the researchers, the security vulnerabilities affect the Apple AirPlay network and could compromise various devices. According to an Oligo blog post, the researchers say the vulnerabilities "enable an array of attack vectors" that could allow "attackers to potentially take control of devices that support AirPlay — including both Apple devices and third-party devices that leverage the AirPlay [Software Development Kit]."

The Oligo blog outlines a number of potential attacks, including Zero-Click RCE, Man-in-the-Middle, and Denial of Service (DoS) attacks. But if you don't know what any of that means, that's OK — the solution for Apple users is fairly straightforward.

Essentially, as long as you update your devices to the latest versions of macOS, iOS, and iPadOS, your devices should be safe. In addition, some cybersecurity experts recommend disabling the AirPlay feature entirely unless you're actively using it.

The "AirBorne" vulnerabilities would allow hackers to infect Apple devices with malware or seize control of the device, whether that's a MacBook or iPhone. They could then deploy malware or steal sensitive information. AirBorne also affected third-party devices connected to AirPlay, leaving smart Internet of Things (IoT) devices at risk.

The researchers say they worked with Apple to "identify and address" the flaws, and that Apple issued 17 CVEs in response to the research.

In the cybersecurity world, CVE stands for Common Vulnerabilities and Exposures, and it refers to a specific identifying number associated with a publicly disclosed cybersecurity problem. In a national CVE database hosted by the National Institute of Standards and Technology, users can find a number of new CVEs published by Apple on April 28, 2025, such as CVE-2025-24252 and CVE-2025-24206.

The CVE description states that Apple fixed these bugs "in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4."
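For anyone managing more than one device, the fixed releases named in that CVE description can be checked against an inventory. The following is an added example, not code from Mashable, Oligo, or Apple; the host names and inventory are constructed, and treating a major release newer than any listed one as patched is an assumption.

```python
# Fixed releases, copied from the CVE description quoted in the article.
FIXED = {
    "macOS": [(13, 7, 5), (14, 7, 5), (15, 4)],
    "iOS": [(18, 4)],
    "iPadOS": [(17, 7, 6), (18, 4)],
    "tvOS": [(18, 4)],
    "visionOS": [(2, 4)],
}

def parse_version(text):
    """'15.3.1' -> (15, 3, 1). Raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def pad(version, width=3):
    """Right-pad with zeros so (15, 4) compares equal to (15, 4, 0)."""
    return version + (0,) * (width - len(version))

def airborne_status(os_name, version):
    """Return 'patched', 'update-needed' or 'not-listed' for one device."""
    branches = FIXED.get(os_name)
    if branches is None:
        return "not-listed"          # OS not named in the CVE description
    v = parse_version(version)
    same_major = [b for b in branches if b[0] == v[0]]
    if same_major:
        # Compare only against the fix for the device's own major branch.
        return "patched" if pad(v) >= pad(same_major[0]) else "update-needed"
    if v[0] > max(b[0] for b in branches):
        return "patched"             # assumption: later majors carry the fixes
    return "not-listed"              # older branch: no fixed build on the page

def audit(inventory):
    """Map each host to its status; inventory rows are (host, os, version)."""
    return {host: airborne_status(os_name, ver) for host, os_name, ver in inventory}

# Constructed sample inventory for illustration.
SAMPLE = [
    ("studio-mac", "macOS", "15.3.2"),
    ("old-mac", "macOS", "13.7.5"),
    ("lobby-ipad", "iPadOS", "17.7.5"),
    ("boardroom-tv", "tvOS", "18.4"),
    ("legacy-phone", "iOS", "17.7.2"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A `not-listed` result means the page names no fixed build for that OS or branch, so the device needs a manual check rather than being assumed safe.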
