The security holes involve the use of a common Apple feature (Picture: REUTERS)

Experts have found a flaw in Apple iPhones that lets hackers worm their way into any device.

Oligo Security discovered 23 vulnerabilities in AirPlay,which lets users stream from their iPhone,iPad or MacBook to devices via Wi-Fi.

Gadgets AirPlay works with include Apple TV,HomePod,smart TVs,speakers or receivers.

Two of these security holes allow attackers to infect a device with malware that then spreads to all the other gadgets on the same Wi-Fi network,the computer application company found.

AirPlay,Apple’s wireless-audio standard,had two major flaws hackers could exploit (Picture: Shutterstock/FellowNeko)

Oligo named these weaknesses ‘AirBorne’ as they ‘allow attackers to fully take over devices and use that access as a launchpad for further exploitation’.

These vulnerabilities,with the very catchy names of CVE-2025-24252 and CVE-2025-24132,pave the way for cyber crooks to carry out ‘other sophisticated attacks’,such as espionage or ransomware.

Think hackers executing malicious code to gain control,steal your personal information,eavesdrop on conversations or crash the device.

CarPlay,which combines iPhone programmes,including maps,messages and music,into a single interface,is also impacted,the researchers found.

Attackers could carry out what is called a ‘remote code execution attavck’,so they can deploy malware and steal data.

‘Using the WiFi hotspot in the CarPlay device,an attacker could execute an RCE attack given that they are in close proximity to the CarPlay unit,’ Oligo said.

‘If the device has a default,predictable or known Wi-Fi hotspot password,it is possible to gain access and then execute the RCE.  

Hackers,however,can only exploit these bugs when they are on the same Wi-Fi network as the device they are targeting. 

AirPlay is available on many modern Apple gadgets (Picture: Apple)

As AirPlay works with third-party devices,of which there are tens of millions of,Oligo says iPhones may still be vulnerable if the manufacturer hasn’t updated.

Don’t worry,though. There’s a good chance that your Apple device is shielded from these nasty bugs.

Apple added the necessary patches on April 28 to its March update,iOS 18.4 and iPadOS 18.4,having worked with Oligo to patch it.

This was confirmed on the National Vulnerability Database,where entries for the two bugs say they were fixed with ‘improved memory management’.

Check your phone to see if it’s updated to keep yourself protected.

For peace of mind,only toggle on AirPlay when you need it. When the feature is on,the device is always on the look out for AirPlay signals,making it a viable ‘attack surface’.