Apple's AirPlay feature lets iPhones and MacBooks seamlessly play music or display photos and videos on other Apple devices or on third-party speakers and TVs that integrate the protocol. Now, the newly discovered security flaw in AirPlay means that those same wireless connections can allow hackers to move just as easily across the network, spreading malicious code from one infected device to another. Apple products are known for receiving fixes regularly, but given how rarely some smart home devices are patched, these wirelessly enabled malware footholds will likely persist for years in many AirPlay-enabled devices.
On Tuesday, researchers at cybersecurity firm Oligo revealed what they call AirBorne, a series of vulnerabilities that affect AirPlay, Apple's proprietary radio-based protocol for local wireless communications. Bugs in Apple's AirPlay Software Development Kit (SDK) for third-party devices would allow hackers to hijack gadgets such as speakers, receivers, set-top boxes, or smart TVs if they are on the same Wi-Fi network as the hacker's machine. Apple told Oligo that another set of AirBorne vulnerabilities could also have enabled hackers to exploit Apple devices with AirPlay enabled, although these bugs have been patched in updates over the past few months, and Apple told WIRED that these bugs can only be exploited if users change the default AirPlay settings.
Apart from these Apple devices, Oligo's chief technology officer and co-founder Gal Elbaz estimates that potentially vulnerable third-party AirPlay-enabled devices number in the tens of millions. “Because it’s supported for playback in so many devices, it takes years to patch or never patch them,” Elbaz said. “It’s all because of the vulnerability that affects everything in a piece of software.”
While Oligo has worked with Apple for months to patch the AirBorne bugs in all affected devices, the Tel Aviv-based security company warns that the AirBorne vulnerabilities in many third-party gadgets may remain hackable unless users take action to update them. If hackers can get onto the same Wi-Fi network as those vulnerable devices, whether by hacking into another computer on a home or corporate network or by simply connecting to the same coffee shop or airport Wi-Fi, they can secretly take over the gadgets. From there, they can use this control to maintain a stealthy point of access, attack other targets on the network, or add the machines to a botnet of infected, coordinated machines under the hackers' control.
Oligo also notes that many of the vulnerable devices have microphones and could be turned into spying devices. The researchers did not create proof-of-concept malware for any specific target that would demonstrate that technique.
Oligo said it warned Apple of its AirBorne findings in late fall and winter, and in the months since, Apple has responded by releasing security updates. The researchers worked with Apple to test and verify fixes for Macs and other Apple products.
Apple told WIRED that it also created patches for affected third-party devices. However, the company stressed that there are limitations to the attacks that would be possible on AirPlay-enabled devices as a result of the bugs, since an attacker must be on the same Wi-Fi network as a target to exploit them. Apple added that while there may be some user data on devices like TVs and speakers, it is often very limited.