Access Issue in Apple Products Allows Unauthorized AirPlay Commands
CVE-2025-24271
5.4 MEDIUM
Key Information:
- Vendor: Apple
- CVE Published: 29 April 2025
Summary
An access control vulnerability was identified in various Apple operating systems that could allow an unauthorized user on the same network to send AirPlay commands to a signed-in Mac without requiring pairing. This issue highlights potential risks for users, as it could lead to unauthorized access and manipulation of devices. Apple has addressed this issue with improved access restrictions in the latest versions of macOS, tvOS, iPadOS, and visionOS, emphasizing the importance of keeping devices updated to mitigate security risks.
Affected Version(s)
iOS and iPadOS < 18.4
iPadOS < 17.7
macOS < 15.4
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published