This would be useful information — the AirPort firmware has not been updated since 2019 (versions 7.8.1 and 7.9.1) — I have four 2nd-generation Expresses used only for Airplay 2 audio on a WiFi 7 mesh network. There’s also a Time Capsule connected via Ethernet that only functions as a storage device for Time Machine, but it’s accessible from the network. Are they vulnerable, in theory? It is not a public network, but still, I’m curious. Should Apple update this firmware?
Also using an AirPort Express 2 for AirPlay to my amp/speakers setup. But only wired. I would not use/recommend using the WiFi on devices this old. If only wired, I don't think the Airborne vulnerability is an issue.
 
I don’t think it matters how the device is connected to the network, wired or wireless. The security vulnerabilities were/are in the AirPlay protocols, not the WiFi protocols.

Mine are set up to “join” the network (as opposed to “extend”), so they just function as clients, they don’t provide WiFi. [Note that to set this up on a mesh network you have to connect them via Ethernet to change the settings, you can’t do it via WiFi, afterwards you can disconnect the Ethernet and they will then join the network wirelessly.]
 
That is correct. ATM I'm more worried that the WiFi protocols used are outdated and vulnerable than that the AirPlay vulnerability is exploited on my network.
 
The article states a "wormable" condition is an option which would be easily carried out for macOS. There is no suggestion it breaks sandboxing; it's an annoying MiTM attack for rerouting or rogue casting. It can't infect a phone. Again, this all presupposes an unpatched device too. The phone attack footprint is pretty small. But it sounds scary. The worrying part is the Mac side.

This is the part I don’t get.

Apparently it can “infect” devices and sit dormant then when on WiFi networks later transmit to vulnerable devices.

How can one check if the worm is on their Mac or iPhone, would this survive a reboot? I thought the secure boot chain would stop this. I mean there are no untethered jailbreaks.

Does the fix/patch also remove the worm?

Feels like they’re saying a zero day can essentially infect your machine with arbitrary code.
 
Can you tell if these vulnerabilities are only applicable to AirPlay Receiver or if there were other vulnerabilities related to AirPlay, etc? If the former, then only Monterey, the first version of macOS to include AirPlay Receiver, would be left vulnerable after the last round of patches/security updates.
No idea on that one, don't have the time to research it. But if you find out, please let us all know here.
 
I don’t doubt it exists, but have you ever seen a corp out there with company resources on a public and open network?! Even my tiny neighborhood pub and the bakery have that on a separate network. If a client really needs to connect to business hardware, I’m sure a login/password can be provided…

Again, I don’t doubt it exists (8 billion humans and all), I’m just curious if anyone has ever seen it, and what kind of company it was!
It's not about public WiFi. It's about corporate networks and guest networks. You wouldn't give random colleagues, business partners, customers etc. access to your computer. But this is essentially what potentially happens. Think about large corporations like Google and Apple. Meeting rooms can be booked by anyone and are shared by anyone. If an attack like this is possible, you can never rule out that some guy in the morning installs something on the AirPlay-capable device that you use in the afternoon. Same on campuses, in smaller companies, at conferences, trade shows, coworking spaces, and basically everywhere where business is done. People are like "oh, no problem, they have to be on the same network". People are on the same network with untrusted persons all the time, except maybe at home (but can you trust all your friends and friends of friends and friends of your kids, etc.?)
 