▲AirBorne: Wormable zero-click remote code execution (RCE) in AirPlay protocololigo.security

20 points by throw0101a 7 hours ago | 3 comments

rubatuga 5 minutes ago [-]

Good thing I'm still on macOS 12

throw0101a 7 hours ago [-]

CVE-2025-24252 and CVE-2025-24132 are two examples. Doing a search for "Oligo" in release notes gives various other results, e.g.,

* https://support.apple.com/en-ca/122374

Apple fixed their stuff, but third-parties who used their SDK will have to issue updates as well.

abhisek 4 hours ago [-]

Very curious about the exploitation of CVE-2025-24252, a use-after-free (UAF) using which they achieved zero-click RCE on MacOS. This is inspite of ASLR and heap exploitation mitigations in place to mitigate such vulnerability classes

https://security.apple.com/blog/towards-the-next-generation-...

browser1 2 hours ago [-]

[dead]

Loading comments...