Apple has released firmware updates for its AirPods and Beats products to address a security concern identified as CVE-2024-27867.
Description
This vulnerability, discovered by security researcher Jonas Dreßler [2], could allow an attacker within Bluetooth range to gain unauthorized access to the headphones by spoofing a paired device. The affected models include AirPods (2nd generation and later) [5], AirPods Pro [1] [2] [4] [5] [7], AirPods Max [1] [2] [3] [4] [5] [6] [7], Powerbeats Pro [1] [2] [5] [7], and Beats Fit Pro [1] [2] [5] [7]. The fix, delivered in firmware updates 6A326 and 6F8 for the affected devices, involves improved state management [1]. The update is installed automatically when AirPods are connected to an iPhone [7], and users can verify the firmware version in Settings > Bluetooth [7]. The 1st generation AirPods are not impacted by this security flaw [7]. This update follows a recent visionOS update from Apple that addressed various security vulnerabilities [7], including one related to Safari warnings and animated 3D objects [7].
Conclusion
The firmware updates released by Apple for its AirPods and Beats products address a critical security concern, ensuring the protection of user data and privacy. Users are advised to install the updates promptly to mitigate the risk of unauthorized access to their headphones. This incident highlights the importance of regular software updates in maintaining the security of electronic devices.
References
[1] https://www.darkreading.com/vulnerabilities-threats/apple-airpods-bug-allows-eavesdropping
[2] https://guru8.net/2024/06/apple-fixes-airpods-bluetooth-flaw-that-could-enable-eavesdropping/
[3] https://www.tenable.com/cve/CVE-2024-27867
[4] https://thehackernews.com/2024/06/apple-patches-airpods-bluetooth.html
[5] https://cybermaterial.com/apple-fixes-airpods-bluetooth-security-issue/
[6] https://cvefeed.io/vuln/detail/CVE-2024-27867
[7] https://uk.pcmag.com/headphones/153009/airpods-firmware-update-patches-bluetooth-security-vulnerability