Other iPhone Airplay vulnerability & Emergency Update - (ABC News May 1)

[PhillyGuy72]

I caught this on ABC News last night, May 1. Potential AirPlay vulnerability for hackers....and that Apple released a "software update." - "Go to the settings on your phone and look for the update tonight.

Maybe this was installed silently in the Security Responses & System Files area? (I have it toggled on) 🤷🏻‍♂️

https://imgur.com/a/OLbRKl1

 

[doogm]

18.4 had an AirPlay update and 18.4.1 had a security update for CoreAudio; these sound like the problem they are describing, so I am sure that this is the update they are talking about (e.g., as of now update to 18.4.1)

See https://www.malwarebytes.com/blog/n...ices-at-risk-of-takeover-make-sure-you-update

18.4: https://support.apple.com/en-us/122371

AirPlay
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An unauthenticated user on the same network as a signed-in Mac could send it AirPlay commands without pairing
Description: An access issue was addressed with improved access restrictions.
CVE-2025-24271: Uri Katz (Oligo Security)

18.4.1: https://support.apple.com/en-us/122282

CoreAudio
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Description: A memory corruption issue was addressed with improved bounds checking.
CVE-2025-31200: Apple and Google Threat Analysis Group