▲AirBorne: Wormable zero-click remote code execution (RCE) in AirPlay protocololigo.security

26 points by throw0101a 8 hours ago | 4 comments

throw0101a 8 hours ago [-]

CVE-2025-24252 and CVE-2025-24132 are two examples. Doing a search for "Oligo" in release notes gives various other results, e.g.,

* https://support.apple.com/en-ca/122374

Apple fixed their stuff, but third-parties who used their SDK will have to issue updates as well.

abhisek 5 hours ago [-]

Very curious about the exploitation of CVE-2025-24252, a use-after-free (UAF) using which they achieved zero-click RCE on MacOS. This is inspite of ASLR and heap exploitation mitigations in place to mitigate such vulnerability classes

https://security.apple.com/blog/towards-the-next-generation-...

hammock 31 minutes ago [-]

On ASLR: you might use the UAF to access memory regions you shouldn’t have access to. By reading the contents, they can potentially leak pointers to a critical library (e.g., libc), allowing them to calculate the offsets to bypass ASLR.

On heap protection: if you spray the heap with predictable data patterns you can improve your chance of landing a useful address, even with ASLR in place

browser1 3 hours ago [-]

[dead]

rubatuga 44 minutes ago [-]

Good thing I'm still on macOS 12

Loading comments...