
Apple CarPlay Vulnerability Exploited for Remote Code Execution and Root Access

At the recent DEF CON security conference, researchers from Oligo Security unveiled an exploit chain, dubbed “Pwn My Ride”, that gives an attacker root on a vehicle’s infotainment system by abusing the protocols behind wireless Apple CarPlay. The multi-stage attack ends in remote code execution on the car’s multimedia unit. Its final stage is CVE-2025-24132, a stack buffer overflow in Apple’s AirPlay SDK, which the researchers showed can be triggered once the attacker is on the vehicle’s Wi-Fi network. The flaw affects a broad range of devices built on AirPlay audio SDK versions before 2.7.1, AirPlay video SDK versions before 3.6.0.126, and specific versions of the CarPlay Communication Plug-in. Exploiting the overflow yields arbitrary code execution as root, which amounts to full control of the infotainment system.

The attack begins with the connection setup of wireless CarPlay, which relies on two protocols: iAP2 (iPod Accessory Protocol) over Bluetooth and AirPlay over Wi-Fi. The researchers identified a fundamental authentication gap in iAP2. The protocol is one-way: the phone verifies that the car is a genuine (MFi-certified) accessory, but the car never verifies that the device on the other end is a real iPhone. Any device can therefore masquerade as one. The attacker first pairs with the vehicle’s Bluetooth, often without a PIN, because many head units default to the insecure “Just Works” pairing mode. Once paired, the attacker sends the iAP2 message RequestAccessoryWiFiConfigurationInformation, and the head unit obligingly replies with the vehicle’s Wi-Fi SSID and password. With those credentials the attacker joins the car’s network and triggers CVE-2025-24132 to gain root. On numerous vehicles the whole sequence is zero-click, requiring no interaction from the driver.

Apple issued a patched AirPlay SDK in April 2025, but the researchers noted that, to their knowledge, no car manufacturer had shipped the fix. Unlike smartphones, which receive frequent over-the-air (OTA) updates, vehicle software update cycles are slow and fragmented: many cars require a manual update at a dealership, and each automaker must independently integrate, test and validate the patched SDK on its own hardware. The delay leaves millions of vehicles exposed long after a fix exists, underscoring a critical gap in the automotive supply chain’s security posture.
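To make the one-way authentication flaw concrete, here is an added Python simulation of the iAP2 stage of the chain. It is not Oligo’s code, not Apple’s iAP2 implementation, and not the real iAP2 wire format: the only message name taken from the article is RequestAccessoryWiFiConfigurationInformation (its reply is assumed to be named AccessoryWiFiConfigurationInformation); every other message name, the HMAC keys that stand in for the MFi certificate chain, and the Wi-Fi credentials are constructed for the example. The head unit can run in the flawed mode the article describes (the peer’s claim to be an iPhone is taken at face value) or in a hardened mode that challenges the peer before disclosing anything.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for credentials. In real iAP2 the accessory proves itself
# with an Apple-issued certificate in its MFi authentication coprocessor; an HMAC
# key that only the genuine party holds plays that role here (assumption, not the
# real mechanism).
ACCESSORY_KEY = b"constructed-mfi-accessory-key"
PHONE_KEY = b"constructed-genuine-iphone-key"
ATTACKER_KEY = b"constructed-key-the-attacker-made-up"


def sign(key: bytes, challenge: bytes) -> bytes:
    """Challenge-response proof of key possession (HMAC stands in for a signature)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


@dataclass
class HeadUnit:
    """Simulated iAP2 accessory. require_peer_auth=False models the one-way
    authentication the article describes; True models a hardened variant."""
    ssid: str
    passphrase: str
    require_peer_auth: bool
    peer_authenticated: bool = False
    pending_challenge: Optional[bytes] = None

    def handle(self, msg: dict) -> dict:
        kind = msg["type"]
        # Phone -> car challenge: this direction exists in iAP2 (name invented here).
        if kind == "AccessoryAuthChallenge":
            return {"type": "AccessoryAuthResponse",
                    "sig": sign(ACCESSORY_KEY, msg["challenge"])}
        # The peer announces itself as an iPhone.
        if kind == "Identify":
            if not self.require_peer_auth:
                # Flaw: the claim is accepted without any proof.
                self.peer_authenticated = True
                return {"type": "IdentifyAccepted"}
            self.pending_challenge = secrets.token_bytes(16)
            return {"type": "PeerAuthChallenge", "challenge": self.pending_challenge}
        if kind == "PeerAuthResponse":
            expected = sign(PHONE_KEY, self.pending_challenge or b"")
            if self.pending_challenge and hmac.compare_digest(msg["sig"], expected):
                self.peer_authenticated = True
                return {"type": "IdentifyAccepted"}
            return {"type": "IdentifyRejected"}
        # The message named in the article: hand over the car's Wi-Fi credentials.
        if kind == "RequestAccessoryWiFiConfigurationInformation":
            if not self.peer_authenticated:
                return {"type": "Error", "reason": "peer not authenticated"}
            return {"type": "AccessoryWiFiConfigurationInformation",
                    "ssid": self.ssid, "passphrase": self.passphrase}
        return {"type": "Error", "reason": f"unknown message {kind}"}


def run_session(peer_key: bytes, require_peer_auth: bool) -> Optional[dict]:
    """Play the peer side (genuine phone or attacker) against a fresh head unit.
    Returns the disclosed Wi-Fi configuration, or None if the unit refused."""
    car = HeadUnit("CAR-WIFI", "constructed-psk-1234", require_peer_auth)

    # 1. Peer verifies the accessory: the only check the real protocol performs.
    challenge = secrets.token_bytes(16)
    reply = car.handle({"type": "AccessoryAuthChallenge", "challenge": challenge})
    assert hmac.compare_digest(reply["sig"], sign(ACCESSORY_KEY, challenge))

    # 2. Peer claims to be an iPhone and answers any challenge with the key it has.
    reply = car.handle({"type": "Identify"})
    if reply["type"] == "PeerAuthChallenge":
        reply = car.handle({"type": "PeerAuthResponse",
                            "sig": sign(peer_key, reply["challenge"])})
    if reply["type"] != "IdentifyAccepted":
        return None

    # 3. Ask for the Wi-Fi credentials that open up the AirPlay attack surface.
    reply = car.handle({"type": "RequestAccessoryWiFiConfigurationInformation"})
    return reply if reply["type"] == "AccessoryWiFiConfigurationInformation" else None


if __name__ == "__main__":
    print("flawed unit, attacker:  ", run_session(ATTACKER_KEY, require_peer_auth=False))
    print("hardened unit, attacker:", run_session(ATTACKER_KEY, require_peer_auth=True))
    print("hardened unit, phone:   ", run_session(PHONE_KEY, require_peer_auth=True))
```

In the flawed mode the attacker never has to prove anything and walks away with the SSID and passphrase, exactly the step the chain relies on; in the hardened mode the same attacker is stopped before the credential request is ever honoured. The hardened branch illustrates the design principle (do not disclose network credentials to a peer that has proven nothing), not Apple’s actual remediation.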

Categories: Cybersecurity, Automotive Vulnerabilities, Exploit Techniques 

Tags: Exploit, Vulnerability, CarPlay, Infotainment, AirPlay, iAP2, Authentication, Root Access, Zero-Click Attack, Automotive Security 
