Access Issue in Apple Products Allows Unauthorized AirPlay Commands
CVE-2025-24271

5.4MEDIUM

Key Information:

Vendor: Apple
Status: TV OS; iOS And iPad OS; iPad OS; Mac OS
Vendor: CVE Published:; 29 April 2025

What is CVE-2025-24271?

An access control vulnerability was identified in various Apple operating systems that could allow an unauthorized user on the same network to send AirPlay commands to a signed-in Mac without requiring pairing. This issue highlights potential risks for users, as it could lead to unauthorized access and manipulation of devices. Apple has addressed this issue with improved access restrictions in the latest versions of macOS, tvOS, iPadOS, and visionOS, emphasizing the importance of keeping devices updated to mitigate security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iOS and iPadOS < 18.4

iPadOS < 17.7

macOS < 15.4

References

https://support.apple.com/en-us/122377

https://support.apple.com/en-us/122371

https://support.apple.com/en-us/122372

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 29, 2025

JSON

Apple