Airborne’ isn’t as bad as you think
Recent regular media reporting about the newly publicized AirPlay “Airborne” vulnerability made it sound like your smart home and iPhones are wide open for attackers to rob you blind. They aren’t.
Let’s recap, because there’s been a lot of hysteria lately.
AirPlay and CarPlay make it easy to stream media, mirror your screen, or connect your iPhone to your car. In April 2025, security researchers at Oligo discovered vulnerabilities in how some third-party devices implement AirPlay.
These bugs allow an attacker on the same Wi-Fi network to — theoretically — hijack a device without any user interaction. That’s called a zero-click exploit.
The only real risk comes from outdated third-party gear on unsecured networks. If your software is current or, but preferably and, your Wi-Fi is locked down, you’re in the clear.
Apple addressed the AirPlay vulnerability quickly. Updates in iOS 18.4 and macOS 15.5 closed the loophole in Apple devices. If you’ve updated, your iPhone, iPad, and Mac are already protected.
Media venues have already started screaming that this is a terrible flaw, laying bare the iPhone to any who might walk by you. You’re in danger from your smart home, one venue said, promoted with a “you won’t believe” headline to trumpet the flaw.
Real-world risk assessment of Airborne
This is where context matters. These attacks only work if the attacker is already on the same network, knows exactly what they’re doing, knows exactly what you have, and their targeted device is both unpatched and left exposed.
That makes home Wi-Fi networks effectively zero risk assuming you’ve got a strong password and a halfway modern router. The greater concern — but still not a big one — is public and unsecured Wi-Fi.
Devices brought into hotels, cafes, or airports could be exposed, especially if they auto-connect to unsecured networks. However, most people don’t carry their smart speakers around in public, and AirPlay isn’t commonly used in these spaces.
And, in a few public Wi-Fi networks we’ve tried since the announcement, AirPlay ports are blocked. This means that the attack can’t even be carried out on that network at all.
CarPlay presents a slightly different challenge, particularly for units that create their own Wi-Fi network or allow pairing over unsecured Bluetooth. Some vehicles or aftermarket units might be exposed if they use weak Wi-Fi credentials or don’t require permission to pair.
In some configurations, a USB connection could be leveraged for exploits, but no attack against Apple’s CarPlay implementation in automaker systems has been demonstrated.
And then again, the assailant doesn’t just need to be on the same network, but sitting in the car with you.
How to protect your devices
Let’s be clear. We’d like to see an AirPort update to patch this out, but we’d just like to see that hardware kept alive anyhow for other reasons. They’re still safe assuming your network is secure, but still.
Otherwise, you don’t have to do much to keep your data safe. To reduce your exposure, keep your software updated. Install updates promptly to ensure your devices are protected.
Next, secure your home Wi-Fi by using WPA3 if available, disabling WPS, and creating strong, unique passwords. This helps keep intruders off your network in the first place. This is just good general advice.
Apple patched its products
Check your third-party gear by visiting manufacturer websites to see if your smart speakers or TVs have firmware updates. Keeping these devices up-to-date is crucial for maintaining security.
There’s no backdoor to your personal data through an old speaker or light bulb. At all. An unpatched device can still be used to cause trouble on your network.
Next, avoid using public Wi-Fi for AirPlay, and don’t stream content or pair devices on open networks you don’t control. If you rarely use AirPlay, turn it off in settings to reduce the chance of unauthorized access.
Finally, Aftermarket CarPlay systems deserve extra attention. Change default passwords, and don’t trust gear that hasn’t seen a firmware update since 2021.
If your setup is up to date and on a secure home network, you’re unlikely to be affected. Older third-party devices, especially in untrusted networks, pose a risk, but they still don’t expose your updated iPhone or Mac to data pilfering.
And if you’re really paranoid, block all network traffic to and from ports 554, 3689, and 5353. That will also stop things like printer sharing and iTunes music sharing, but it stops the attack cold.
AirPlay and CarPlay remains safe for most users with extremely basic precautions. All the Airborne vulnerabilities really show is how even convenient tools need regular maintenance and awareness — and how security news can be quickly overblown.
