This gets fairly technical, and a bit of the language isn’t safe for work, but the Low Level YouTube channel (which is excellent) has focused on an exploit within the AirPlay protocol that allows for remote code execution and distribution of malware. The simplest explanation is that an unpatched version of the AirPlay code and its SDK (software developer kit) leaves openings for malware to be stored on external devices such as a speaker or another computer.
From there, wormable malware can spread to other users, devices, and computers, following the true definition of a computer virus. The video explains it best, and please look it over as well as update your Mac, iPhone, iPad, and other devices to the latest versions of their operating systems when you get a chance.
Via Low Level