
Silicone Bakeware Might Be Bad For Your Liver

Silicone bakeware has become a staple in many kitchens due to its flexible, yet temperature-tolerant nature. New research from Canada shows it could be causing trouble for your liver and lungs, however.

The siloxanes that make up silicone bakeware can target “the liver through oral exposure, as well as the liver and lungs through inhalation exposure.” The fat content of the food being baked is also a factor as these compounds are lipophilic, so higher fat foods will absorb more siloxanes than lower fat foods.

Don’t throw out all your silicone yet, though. The researchers say, “the results showed a consistent decreasing trend in migration levels across consecutive weekly baking sessions, with no increase after the seven-month interval.” So, that dingy looking silicone mat you’ve used a hundred times is safer than a brand new, brightly-colored one.

This seems like an example of how glass and (non-heavy) metal are usually the best way to go when handling food. While we’re talking about ovens, do they really need to run a connectivity check? They certainly could be improved with a DIY thermometer or by making a more practical solar-powered example.

This Week In Security: AirBorne, EvilNotify, And Revoked RDP

This week, Oligo has announced the AirBorne series of vulnerabilities in the Apple Airdrop protocol and SDK. This is a particularly serious set of issues, and notably affects macOS desktops and laptops, iOS and iPadOS mobile devices, and many IoT devices that use the Apple SDK to provide AirPlay support. It’s a group of 16 CVEs based on 23 total reported issues, with the ramifications ranging from an authentication bypass, to local file reads, all the way to Remote Code Execution (RCE).

AirPlay is a Wi-Fi-based peer-to-peer protocol, used to share or stream media between devices. It uses port 7000, and a custom protocol that has elements of both HTTP and RTSP. This scheme makes heavy use of property lists (“plists”) for transferring serialized information. And as we well know, serialization and data parsing interfaces are great places to look for vulnerabilities. Oligo provides an example, where a plist is expected to contain a dictionary object, but was actually constructed with a simple string. De-serializing that plist results in a malformed dictionary, and attempting to access it will crash the process.
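The receiver-side check that this class of bug calls for, as an added example (not Oligo's or Apple's code): decode the plist, then verify the root type and each field type before any dictionary access. Python's standard `plistlib` stands in for the SDK's parser; the schema, key names, size limit and sample bodies are constructed assumptions.

```python
import plistlib

# Constructed sample bodies (not captured traffic).
GOOD_BODY = plistlib.dumps({"name": "Living Room", "volume": 0.5},
                           fmt=plistlib.FMT_BINARY)
# Root object is a bare string where a dictionary is expected.
BAD_ROOT_BODY = plistlib.dumps("not-a-dictionary", fmt=plistlib.FMT_BINARY)
# Root is a dictionary, but one field has the wrong type.
BAD_FIELD_BODY = plistlib.dumps({"name": ["nested"], "volume": 0.5})

# Hypothetical schema: required key -> accepted type(s) after decoding.
SCHEMA = {"name": str, "volume": (int, float)}


class PlistRejected(ValueError):
    """Raised for any request body that fails validation."""


def parse_request_plist(body, schema=SCHEMA, max_len=64 * 1024):
    """Decode an untrusted plist body and return only validated fields."""
    if len(body) > max_len:
        raise PlistRejected("body too large")
    try:
        root = plistlib.loads(body)  # auto-detects XML or binary format
    except Exception as exc:  # any parser failure is a rejection
        raise PlistRejected(f"not a valid plist: {exc}") from exc
    # The check the crashing code path lacked: confirm the root really is
    # a dictionary before treating it as one.
    if not isinstance(root, dict):
        raise PlistRejected(f"root is {type(root).__name__}, expected dict")
    validated = {}
    for key, types in schema.items():
        if key not in root:
            raise PlistRejected(f"missing key {key!r}")
        value = root[key]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, types):
            raise PlistRejected(f"{key!r} has type {type(value).__name__}")
        validated[key] = value
    return validated


def classify(body):
    """Return 'ok' or the rejection reason, without raising."""
    try:
        parse_request_plist(body)
        return "ok"
    except PlistRejected as exc:
        return str(exc)
```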

Another demo is using AirPlay to achieve an arbitrary memory write against a macOS device. Because it’s such a powerful primitive, this can be used for zero-click exploitation, though the actual demo uses the music app, and launches with a user click. Prior to the patch, this affected any macOS device with AirPlay enabled, and set to either “Anyone on the same network” or “Everyone”. Because of the zero-click nature, this could be made into a wormable exploit.