Memory Handling Vulnerabilities in Apple AirPlay and CarPlay Products
CVE-2025-24132

6.5MEDIUM

Key Information:

Vendor: Apple
Status: Airplay Audio Sdk; Airplay Video Sdk; Carplay Communication Plug-in
Vendor: CVE Published:; 30 April 2025

Badges

📰 News Worthy

What is CVE-2025-24132?

An issue was identified in the memory management of Apple’s AirPlay audio SDK, video SDK, and CarPlay Communication Plug-in. An attacker within the local network could exploit this vulnerability to cause unexpected termination of applications, potentially disrupting services and affecting user experience. Updates have been released with improved memory handling to mitigate these risks.

Affected Version(s)

AirPlay audio SDK < 2.7.1

AirPlay video SDK < 3.6.0.126

CarPlay Communication Plug-in < unspecified

News Articles

Hackread

CVE-2025-24252 CVE-2025-24132

Billions of Apple Devices at Risk from “AirBorne” AirPlay Vulnerabilities - Update Now!

AirBorne flaws in Apple AirPlay expose billions of devices to remote attacks, RCE, data theft. Update iPhones, Macs, CarPlay and 3rd-party devices.

References

https://support.apple.com/en-us/122403

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Hackread
May 3, 2025
Vulnerability published
Apr 30, 2025