Memory Handling Vulnerabilities in Apple AirPlay and CarPlay Products
CVE-2025-24132

6.5MEDIUM

Key Information:

Vendor
Apple
Status
Airplay Audio Sdk
Airplay Video Sdk
Carplay Communication Plug-in
Vendor
CVE Published:
30 April 2025

Badges

đź“° News Worthy

Summary

An issue was identified in the memory management of Apple’s AirPlay audio SDK, video SDK, and CarPlay Communication Plug-in. An attacker within the local network could exploit this vulnerability to cause unexpected termination of applications, potentially disrupting services and affecting user experience. Updates have been released with improved memory handling to mitigate these risks.

Affected Version(s)

AirPlay audio SDK < 2.7.1

AirPlay video SDK < 3.6.0.126

CarPlay Communication Plug-in < unspecified

News Articles

favicon imageHackread

Billions of Apple Devices at Risk from “AirBorne” AirPlay Vulnerabilities - Update Now!

AirBorne flaws in Apple AirPlay expose billions of devices to remote attacks, RCE, data theft. Update iPhones, Macs, CarPlay and 3rd-party devices.

6 days ago

References

https://support.apple.com/en-us/122403

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by Hackread

  • Vulnerability published

.
CVE-2025-24132 : Memory Handling Vulnerabilities in Apple AirPlay and CarPlay Products | SecurityVulnerability.io