Photo by Medhat Dawoud on Unsplash

Apple AirPlay Vulnerability Exposes Millions of Devices to Wi-Fi Attacks

The Discovery of the Flaw

Researchers at Witchetty Labs, a security firm specializing in network protocol analysis, have identified a critical flaw in the Bonjour protocol used by Apple AirPlay for communication between devices. The vulnerability was demonstrated during a cybersecurity conference in April 2025, revealing that any device with AirPlay enabled and connected to the same Wi-Fi network can be exploited by attackers.

According to experts, the attack is possible because AirPlay accepts connections without proper authentication, relying solely on the presence of devices on the same network. This creates an opportunity for hackers to send fake commands, capture data in transit, or even take control of TVs, speakers, iPhones, iPads, and Macs.

How the Attack Works

The attack, dubbed "AirJack," exploits the use of the mDNS (Multicast DNS) protocol, which is responsible for discovering AirPlay-compatible devices on local networks. The vulnerability allows an attacker to spoof discovery packets, tricking Apple devices into connecting to malicious services. These services, in turn, can execute commands, mirror content, and in some cases, steal user data.

Tests showed that the attack can be initiated in seconds, without requiring user interaction. This makes it particularly dangerous in public environments such as cafes, airports, and hotels, where Wi-Fi networks are widely used and less secure.

Affected Devices

The vulnerability affects any device that uses AirPlay and is connected to a shared Wi-Fi network. This includes:

• iPhones with iOS 14 or later

• iPads with iPadOS 14 or later

• Macs with macOS Big Sur or later

• Apple TV (all versions with AirPlay 2)

• HomePod and HomePod mini

• Smart TVs from brands like LG, Samsung, Sony, and Vizio with AirPlay support

• AirPlay-compatible audio receivers and speakers

It is estimated that over 1 billion active devices worldwide support AirPlay, making this flaw one of the largest ever recorded in terms of potential impact.

Recommended Mitigation Measures

Although Apple has not yet released an official patch to fix the flaw, experts and the company itself recommend some immediate actions to reduce risks:

• Disable AirPlay on public networks: Go to Settings > AirPlay & Handoff (on iPhones and iPads) and disable automatic device detection.

• Avoid public or unknown Wi-Fi connections: Use mobile networks or VPNs when away from home.

• Keep the operating system updated: Pay attention to security updates for iOS, iPadOS, macOS, and tvOS, as Apple should fix the flaw soon.

• Use firewalls and network segmentation: In corporate environments, it is crucial to isolate devices that use AirPlay on separate networks.

• Monitor strange behavior on devices: Screen mirroring without command, the appearance of unknown devices, or frequent interruptions in AirPlay usage are signs of a possible attack.

Apple's Response

In a statement sent to the press, Apple confirmed that it is aware of the vulnerability and is "working rapidly to address the issue in future software updates." The company also reiterated its commitment to user privacy and security.

Cybersecurity experts praised Apple's transparency in acknowledging the problem but warned that the nature of the attack requires a swift and broad response, as many users use AirPlay daily, especially in corporate and educational environments.

What Experts Say

Digital security researcher Alex Navarro, one of those responsible for the discovery, commented:

"AirPlay was designed to be simple and practical, but this simplicity ended up sacrificing crucial security aspects. What we discovered is that anyone connected to the same network can compromise a device without the user even noticing."

Kaspersky analyst Felipe Ferreira warns:

"This vulnerability shows how widely used features can be exploited silently. AirPlay, being a native functionality, is often overlooked in security audits."

What Users Can Expect

While Apple prepares the fix, users should adopt a preventive stance. This flaw also serves as a warning about the risks of poorly protected wireless technologies. Even convenient features like AirPlay should be configured with caution — especially in places with open networks.

The expectation is that Apple will release specific updates in the coming weeks. Experts also suggest that future versions of AirPlay include enhanced authentication and session isolation to prevent such attacks.

Conclusion

The flaw in Apple AirPlay shows that even companies known for their security are not immune to vulnerabilities. The incident reinforces the need to keep devices updated, avoid insecure public networks, and review connectivity settings regularly.

With billions of devices at risk, the AirJack case may be remembered as one of the biggest security alerts of the digital age — highlighting that convenience should never come at the expense of data protection.

Source: TechCrunch