PT-2025-18219 · Apple · CarPlay Communication Plug-In (+2 further products)
Published: 2025-04-04 · Updated: 2025-09-11 · CVE-2025-24132
CVSS base score: 6.5 (Medium) · Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
**Name of the Vulnerable Software and Affected Versions:**
AirPlay audio SDK, versions prior to 2.7.1 (fixed in 2.7.1 and later)
AirPlay video SDK, versions prior to 3.6.0.126 (fixed in 3.6.0.126 and later)
CarPlay Communication Plug-in, versions prior to R18.1 (fixed in R18.1 and later)
**Description:**
The issue was addressed with improved memory handling within the AirPlay and CarPlay frameworks. An attacker on the local network may be able to cause an unexpected application termination. The underlying defect is a stack buffer overflow in the iAP2 protocol handler, which processes the data exchanged during CarPlay connection setup: the length of incoming fields such as the device name is not sufficiently validated, so a specially crafted packet whose declared length exceeds the allocated buffer overwrites adjacent stack memory. This can lead to remote code execution on the vehicle's head unit without user interaction. Note that the CVSS vector above (C:N/I:N/A:H) scores only the availability impact.
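The bug class described above, as an added illustration that is not Apple's iAP2 code: a length-prefixed device-name field is copied into a fixed-size stack buffer, first with the peer-supplied length trusted (the defect the advisory describes) and then with the length checked against both the bytes actually received and the destination capacity. The field layout, the 32-byte buffer, the packets and the function names are all constructed for this example.

```c
/* Added illustration only, not Apple's iAP2 implementation: a length-prefixed
 * device-name field copied into a fixed stack buffer, first without the length
 * check and then with it. All packets below are constructed for the example. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_BUF_SIZE 32   /* hypothetical fixed-size buffer for the device name */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Vulnerable pattern: trusts the peer-supplied length byte and never compares it
 * to the destination size, so a declared length above NAME_BUF_SIZE - 1 writes
 * past the end of the caller's stack buffer. Kept only for contrast and called
 * here on a well-formed packet only. */
void copy_name_unchecked(const uint8_t *pkt, char *out)
{
    uint8_t len = pkt[0];          /* attacker-controlled */
    memcpy(out, pkt + 1, len);     /* no check against the destination size */
    out[len] = '\0';
}

/* Hardened pattern: the declared length is validated against the bytes actually
 * received and against the destination capacity before anything is copied. */
enum parse_status copy_name_checked(const uint8_t *pkt, size_t pkt_len,
                                    char *out, size_t out_size)
{
    if (pkt_len < 1)
        return PARSE_TRUNCATED;    /* no length byte present */
    size_t len = pkt[0];
    if (len > pkt_len - 1)
        return PARSE_TRUNCATED;    /* declares more bytes than were received */
    if (len >= out_size)
        return PARSE_TOO_LONG;     /* would not fit together with the terminator */
    memcpy(out, pkt + 1, len);
    out[len] = '\0';
    return PARSE_OK;
}

/* Result of the most recent demo parse, so callers can inspect the name. */
static char last_name[NAME_BUF_SIZE];

const char *last_parsed_name(void) { return last_name; }

/* Constructed packet: length 8 followed by exactly 8 name bytes. */
int demo_well_formed(void)
{
    const uint8_t pkt[] = { 8, 'M','y','P','h','o','n','e','!' };
    return copy_name_checked(pkt, sizeof pkt, last_name, sizeof last_name);
}

/* Constructed packet: declares 200 bytes and really carries them. It is
 * consistent with itself but far larger than the 32-byte destination. */
int demo_oversized(void)
{
    uint8_t pkt[201];
    pkt[0] = 200;
    memset(pkt + 1, 'A', 200);
    return copy_name_checked(pkt, sizeof pkt, last_name, sizeof last_name);
}

/* Constructed packet: declares 8 bytes but only 3 follow. */
int demo_truncated(void)
{
    const uint8_t pkt[] = { 8, 'a','b','c' };
    return copy_name_checked(pkt, sizeof pkt, last_name, sizeof last_name);
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    const uint8_t good[] = { 8, 'M','y','P','h','o','n','e','!' };

    copy_name_unchecked(good, name);   /* safe only because this input is benign */
    printf("unchecked, benign input : %s\n", name);

    int st = demo_well_formed();
    printf("checked, well-formed    : %d (%s)\n", st, last_parsed_name());
    printf("checked, oversized      : %d\n", demo_oversized());
    printf("checked, truncated      : %d\n", demo_truncated());
    return 0;
}
```

The two rejections are the defender's view of the advisory: the oversized packet is exactly the input that the unchecked copy would have written past its buffer, and the truncated packet shows the second check a parser needs so that it never reads beyond the bytes it actually received.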
**Recommendations:**
Update to AirPlay audio SDK 2.7.1 or later; versions prior to 2.7.1 are vulnerable.
Update to AirPlay video SDK 3.6.0.126 or later; versions prior to 3.6.0.126 are vulnerable.
Update to CarPlay Communication Plug-in R18.1 or later; versions prior to R18.1 are vulnerable.
Tags: Exploit · Fix · RCE · DoS · Buffer Overflow
References · 43
- https://github.com/ekomsSavior/AirBorne-PoC · Exploit (GitHub, 93 stars, 16 forks)
- https://bdu.fstec.ru/vul/2025-05243 · Security Note
- https://support.apple.com/en-us/122403 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-24132 · Security Note
- https://twitter.com/UjlakiMarci/status/1917292423434162484 · Twitter Post
- https://twitter.com/anoncitylights/status/1917566500673839235 · Twitter Post
- https://t.me/cvedetector/24151 · Telegram Post
- https://twitter.com/AlexNguyen65/status/1965971692939018330 · Twitter Post
- https://reddit.com/r/hometheater/comments/1kcy9am/disable_airplay_on_denon_avr · Reddit Post
- https://twitter.com/syedaquib77/status/1917670373837136163 · Twitter Post
- https://twitter.com/Andrea040994/status/1917850637259231253 · Twitter Post
- https://twitter.com/_r_netsec/status/1965701302698316003 · Twitter Post
- https://t.me/secharvester/20074 · Telegram Post
- https://twitter.com/autumn_good_35/status/1917592400199049538 · Twitter Post
- https://twitter.com/wallet_guard/status/1917687228102291686 · Twitter Post