Apple’s AirPlay protocol and software development kit (SDK) is riddled with a serious security flaw. This problem affects billions of devices around the world. Cybersecurity specialists from Oligo Security have identified 23 vulnerabilities that might leave users wide open to takeover by competitors and criminals. AirPlay, widely used for streaming photos, music, and video between Apple devices, has become a potential access point for cybercriminals.
The nature of the vulnerabilities is particularly alarming. As we noted above, even fully updated iPhones can still be vulnerable if they connect to third-party devices that are unable to install the critical updates. Though benign in nature, this circumstance can serve as a backdoor for hackers, threatening the integrity of the entire Apple ecosystem. Cybersecurity expert Patrick Wardle, CEO of DoubleYou, warned about the threats that may come from third-party integrations.
“When third-party manufacturers integrate Apple technologies like AirPlay via an SDK, obviously Apple no longer has direct control over the hardware or the patching process,” Wardle stated. Cybersecurity expert Gal Elbaz points to one scary red flag. This gap in enforcement and control could leave a number of devices permanently vulnerable to exploitation.
“Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,” Elbaz noted. This unfortunate scenario would be highly likely to deteriorate consumer confidence in the Apple ecosystem. Users can be left feeling exposed, even after they’ve done everything right to stay current on their devices.
Cybersecurity experts suggest that users turn off AirPlay when they’re not using it, to prevent outside hackers from accessing the feature. As Wardle pointed out, “If a hacker can get on the same network as one of these devices, they can gain control and use it as a stepping stone to reach everything else.”
Apple users need to be doing something today. Go update your AirPlay devices now to patch these dangerous vulnerabilities! The identification of such vulnerabilities highlights the importance of continued scrutiny from both users and manufacturers.
Leave a Reply