{"id":127730,"date":"2025-09-12T00:12:28","date_gmt":"2025-09-11T18:42:28","guid":{"rendered":"https:\/\/www.techworm.net\/?p=127730"},"modified":"2025-09-12T00:12:28","modified_gmt":"2025-09-11T18:42:28","slug":"hackers-expose-critical-apple-carplay-flaw-at-defcon","status":"publish","type":"post","link":"https:\/\/www.techworm.net\/2025\/09\/hackers-expose-critical-apple-carplay-flaw-at-defcon.html","title":{"rendered":"Hackers Expose Critical Apple CarPlay Flaw At DefCon"},"content":{"rendered":"

At this year\u2019s DefCon 33 security conference, security researchers unveiled a major flaw in Apple\u2019s CarPlay system that could allow hackers to take control of a car\u2019s infotainment system \u2014 all without the driver clicking a thing \u2014 a true zero-click exploit.<\/p>\n

The demonstration, titled \u201cPwn My Ride\u201d<\/em>, shed light on how attackers could exploit weaknesses in the wireless version of CarPlay to run malicious code and gain full system access \u2014 leaving millions of vehicles potentially at risk.<\/p>\n

The Vulnerability At The Core<\/strong><\/p>\n

The critical flaw, tracked as CVE-2025-24132, is a stack buffer overflow found in Apple\u2019s AirPlay software development kit (SDK), the same protocol that is used to wirelessly mirror iPhone screens.<\/p>\n

The vulnerability can be triggered once an attacker joins the vehicle\u2019s Wi-Fi network. It allows them to execute malicious code with root privileges \u2014 the highest level of system access \u2014 effectively giving them complete control of the multimedia system.<\/p>\n

The issue affects:<\/p>\n