Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

AirPlay hacked?

B

BigEndian

macrumors newbie
Original poster
Sep 25, 2017
4
11
At work we are able to have MacBooks as an alternative to PCs.
These are managed with InTune/Company Portal.
Our IT department blocks AirPlay so we are unable to wirelessly share the display to for instance the large TV screens in our meeting rooms.
The explanation for this is that there are vulnerabilities in AirPlay so leaving it open risks our corp environment.

I can’t find any references to AirPlay vulnerabilities anywhere but they must exist and be quite dangerous as qI am sure our IT department wouldn’t make things up.

Is anyone aware of what these vulnerabilities in AirPlay are and should I be worried at home and also avoid using this on my iPhone? Is apple keeping this secret?
 
This is excuses big time. Business needs shouldn't be shunted for "security" that is just security theatre. They need to get a real security professional who knows what they're talking about.
 
Neither of those cited references have anything to do with the topic of this thread, AirPlay.

And even if AirPlay were vulnerable as described, all that would mean in the scenario under discussion is that the company would be able to figure out who is airplaying to their TV.
 
BigEndian said:
At work we are able to have MacBooks as an alternative to PCs.
These are managed with InTune/Company Portal.
Our IT department blocks AirPlay so we are unable to wirelessly share the display to for instance the large TV screens in our meeting rooms.
The explanation for this is that there are vulnerabilities in AirPlay so leaving it open risks our corp environment.

I can’t find any references to AirPlay vulnerabilities anywhere but they must exist and be quite dangerous as qI am sure our IT department wouldn’t make things up.

Is anyone aware of what these vulnerabilities in AirPlay are and should I be worried at home and also avoid using this on my iPhone? Is apple keeping this secret?
Click to expand...
IT worker here. They don’t want some idiot taking over the screen during a meeting, that’s all.
 
  • Like
Reactions: chown33 and chabig
The security research firm Oligo found multiple wormable RCEs in Apple AirPlay protocol including the Apple AirPlay SDK.

This is the most significant hack of Apple products ever discovered. Full stop.

Any device that supports Apple AirPlay requires a firmware update. But the vast majority of cars, smart TVs and Bluetooth speakers WILL NEVER RECEIVE an update to their Apple AirPlay SDK implementations.

All of these devices not running 18.4.1 are rootable by anyone with TCP 7000 access indefinitely in the future.

This is a 5 alarm fire. The catastrophic implications of the severity of this vulnerability can not be overstated.

Who knows how long state sponsored hackers have been exploiting this and now horrifyingly script kiddies are going to be able to exploit this for decades to come.


www.wired.com

Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi

Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.
www.wired.com www.wired.com

arstechnica.com

Millions of Apple Airplay-enabled devices can be hacked via Wi-Fi

Hackers can run their code on AirPlay devices thanks to a collection of bugs known as AirBorne.
arstechnica.com arstechnica.com

www.oligo.security

AirBorne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk | Oligo Security | Oligo Security

Oligo Security reveals AirBorne, a new set of vulnerabilities in Apple’s AirPlay protocol and SDK. Learn how zero-click RCEs, ACL bypasses, and wormable exploits could endanger Apple and IoT devices worldwide — and how to protect yourself.
www.oligo.security www.oligo.security
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back