AI description
CVE-2025-24132 is a stack-based buffer overflow vulnerability that exists in Apple's AirPlay SDK. Successful exploitation could allow a local attacker to perform zero-click remote code execution on vulnerable AirPlay SDK devices. It can also potentially lead to sensitive information disclosure through eavesdropping on devices with microphones. The vulnerability can be triggered by sending malformed pairing packets over TCP port 7000. It affects AirPlay audio SDK, AirPlay video SDK, and CarPlay Communication Plug-in. Updates have been released to address this issue in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1.
- Description
- The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.
- Source
- product-security@apple.com
- NVD status
- Analyzed
- Products
- airplay_audio_software_development_kit, airplay_video_software_development_kit, carplay_communication_plug-in
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
46
⚠️ This week’s Threatsday Bulletin is here. 🔹 CarPlay exploit (CVE-2025-24132) 🔹 Root access—no clicks needed 🔹 Patch released, but OEMs haven’t applied it 🔹 and more critical threats you can’t ignore... Your systems may already be at risk. Read ↓ htt
@TheHackersNews
2 Oct 2025
55332 Impressions
30 Retweets
95 Likes
24 Bookmarks
0 Replies
2 Quotes
Apple CarPlay flaw (CVE-2025-24132) enables zero-click RCE via Bluetooth—most cars remain unpatched months after fix. Infotainment is now an attack surface. 🚗💥 #CarPlayExploit #AutoCyberThreats https://t.co/E34ogKLgfI
@manuelbissey
15 Sept 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Apple CarPlay] 脆弱性CVE-2025-24132、なぜ修正パッチは適用されないのか?自動車業界の構造的課題に迫る https://t.co/xvQWixNTdY
@yousukezan
15 Sept 2025
940 Impressions
2 Retweets
0 Likes
1 Bookmark
1 Reply
0 Quotes
[Apple CarPlay] 脆弱性CVE-2025-24132、なぜ修正パッチは適用されないのか?自動車業界の構造的課題に迫る https://t.co/ZmzyA1GsDu 私たちユーザーは、「クルマもハッキングされる時代」に生きているという認識を新た
@innovaTopia_JP
13 Sept 2025
105 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/ZpA0SXtJEG 🚨 Apple CarPlay Exploit Still Unpatched in Most Cars 🚨 Nearly half a year after Apple released a fix for a zero-click CarPlay vulnerability (CVE-2025-24132), most vehicles remain unpatched. Researchers found attackers could exploit weak Bluetooth o
@M_Trucking_Ins
12 Sept 2025
45 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apple CarPlayのRCE脆弱性CVE-2025-24132が未修正のまま放置される問題 https://t.co/J8TEgECitB #Security #セキュリティ #ニュース
@SecureShield_
12 Sept 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oligo uncovers Apple CarPlay's security flaw CVE-2025-24132, allowing remote code execution via AirPlay due to weak Bluetooth pairing. Attackers can access WiFi credentials for RCE attacks. Apple fixed this in AirPlay SDK, but car makers lag in implementing the patch, leaving
@bigmacd16684
11 Sept 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
AppleのCarPlayにおけるroot権限での遠隔コード実行の脆弱性について。CVE-2025-24132。スタックオーバーフロー。修正済みのSDKは4/29に提供済みだが、多くの車載ユニットではまだ修正が反映されていない。PIN不要で
@__kokumoto
10 Sept 2025
1307 Impressions
5 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
Apple CarPlay Hacking Risks: CVE-2025-24132 Explained https://t.co/gcsVgQkxkr https://t.co/W48HThaPNh
@secharvesterx
10 Sept 2025
67 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Pwn My Ride: Apple CarPlay RCE - iAP2 protocol and CVE-2025-24132 Explained https://t.co/OX3YRaBdrG
@_r_netsec
10 Sept 2025
2170 Impressions
8 Retweets
21 Likes
17 Bookmarks
0 Replies
0 Quotes
🔥 วันวุ่น ๆ ของวัยรุ่นไอที! งานก็ยุ่งแล้ว ข่าวไซเบอร์ก็ยังแรงต่อเนื่อง วันนี้ทาง STH ได้รวบรวมข่าวที่
@siamthanathack
8 May 2025
133 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Múltiples vulnerabilidades en Apple Airplay ❗CVE-2025–24252 ❗CVE-2025-24206 ❗CVE-2025-24132
@minacrissDev_
8 May 2025
243 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Múltiples vulnerabilidades en Apple Airplay ❗CVE-2025–24252 ❗CVE-2025-24206 ❗CVE-2025-24132 ➡️Más info: https://t.co/GqX38xPu62 https://t.co/RMDZFb8Xwf
@CERTpy
6 May 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical AirPlay vulnerabilities (CVE-2025-24252, CVE-2025-24132) allow zero-click RCE over local Wi-Fi, affecting Apple devices & third-party receivers. Wormable exploit could spread autonomously across networks. Actions: •Update to latest OS versions •Restrict AirPla
@redfoxsec
6 May 2025
83 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
New Apple exploit dropped. CVE-2025-24252 + CVE-2025-24132 = silent RCE Check em out if you like this shit
@_0xHuCk
5 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Zero-click. Wormable. Network-spreading. New flaws in Apple’s AirPlay protocol (🔓 AirBorne) could let hackers hijack your device without a click—then ride your Wi-Fi into corporate networks. CVE-2025-24252 + CVE-2025-24132 = silent RCE across Macs, TVs, speakers. Ju
@TheHackersNews
5 May 2025
23878 Impressions
97 Retweets
226 Likes
52 Bookmarks
3 Replies
7 Quotes
CVE-2025-24132 The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.… https://t.co/K5jFepX0zW
@CVEnew
30 Apr 2025
310 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PoCs for CVE-2025-24252 and CVE-2025-24132 Discovered and detailed by Oligo Security Poc by me of one of the many paths we can take to rce. #hacker #cybersecurity #EthicalHacking https://t.co/mNk2urVdN3
@anoncitylights
30 Apr 2025
38 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
📱AirPlay Zero-Click Flaws Expose Apple Devices 23 vulnerabilities, including critical RCE flaws (CVE-2025-24252, CVE-2025-24132), let attackers take control of Apple devices with no user interaction. Espionage, ransomware, and supply chain risk. https://t.co/RMhBfTwGYg #Appl
@dCypherIO
30 Apr 2025
52 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
AppleのAirPlayにおける脆弱性群"AirBorne"はゼロクリックでの遠隔コード実行につながる。Oligo Security社報告。修正済み。23件の脆弱性をAppleに報告しており、CVE-2025-24252とCVE-2025-24132の組み合わせがゼロクリック。CV
@__kokumoto
29 Apr 2025
611 Impressions
2 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:airplay_audio_software_development_kit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BEE19EA-7BD5-441D-8C25-F2529C5AF5A5",
"versionEndExcluding": "2.7.1"
},
{
"criteria": "cpe:2.3:a:apple:airplay_video_software_development_kit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EFAC8539-73DB-4545-A221-21F5E24B9AF8",
"versionEndExcluding": "3.6.0.126"
},
{
"criteria": "cpe:2.3:a:apple:carplay_communication_plug-in:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00E0D29A-8A73-4E08-9937-6574886D872D",
"versionEndExcluding": "r18.1"
}
],
"operator": "OR"
}
]
}
]