2.4.13 Ensure AirPlay Receiver Is Disabled

Information

In macOS Monterey (12.0), Apple has added the capability to share content from another Apple device to the screen of a host Mac. While there are many valuable uses of this capability, such sharing on a standard Mac user workstation should be enabled ad hoc as required rather than allowing a continuous sharing service. The feature can be restricted by Apple ID or network and is configured to use by accepting the connection on the Mac. Part of the concern is frequent connection requests may function as a denial-of-service and access control limits may provide too much information to an attacker.

https://macmost.com/how-to-use-a-mac-as-an-airplay-receiver.html

https://support.apple.com/guide/mac-pro-rack/use-airplay-apdf1417128d/mac

Rationale:

This capability appears very useful for kiosk and shared work spaces. The ability to allow by network could be especially useful on segregated guest networks where visitors could share their screens on computers with bigger monitors, including computers connected to projectors.

Impact:

Turning off AirPlay sharing by default will not allow users to share without turning the service on. The service should be enable as needed rather than left on.

Solution

Graphical Method:
Perform the following steps to disable AirPlay Receiver:

Open System Preferences

Select Sharing

Set AirPlay Receiver to disabled

Terminal Method:
For each user, run the following command to disable AirPlay Receiver:

$ /usr/bin/sudo -u <username> /usr/bin/defaults -currentHost write com.apple.controlcenter.plist AirplayRecieverEnabled -bool false

example:

$ /usr/bin/sudo -u firstuser /usr/bin/defaults -currentHost write com.apple.controlcenter.plist AirplayRecieverEnabled -bool false

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.applicationaccess

The key to include is allowAirPlayIncomingRequests

The key must be set to <false/>

Note: Since the profile method sets a system-wide setting and not a user-level one, the profile method is the preferred method. It is always better to set system-wide than per user.

Default Value:

AirPlay Receiver is enabled by default.

See Also

https://workbench.cisecurity.org/files/4180