Apple CarPlay Exploit Puts Apple Users At Risk
National Cybersecurity Alert
Overview:
A vulnerability in Apple CarPlay allows attackers to execute code remotely without user interaction. Although patches have been available since April 29, 2025, most vendors and car manufacturers have yet to implement fixes, leaving many vehicles exposed.
Look out for:
Unauthorized Access: Attackers can exploit this vulnerability via USB connections, Wi-Fi, or Bluetooth, especially if network passwords are weak or default settings are used.
Bluetooth Pairing: Vehicles using ‘Just Works’ Bluetooth pairing are particularly susceptible, as this method allows devices to connect without restrictions.
Recommended Actions:
Update Systems: Vehicle owners should contact manufacturers or service centers to inquire about available updates for their infotainment systems.
Network Passwords: Ensure that vehicle network passwords are strong and unique.
Bluetooth Pairing: Disable ‘Just Works’ Bluetooth pairing if possible.
