Security
Headlines
HeadlinesLatestCVEs

Headline

Apple AirPods Bug Allows Eavesdropping

The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.

DARKReading
#vulnerability#mac#apple#auth

Source: Hoor Aloraidh via Alamy Stock Photo

Apple released its latest firmware update for its AirPods products to address a vulnerability that could give a threat actor unauthorized access.

The vulnerability is tracked as CVE-2024-27867 and affects AirPods (second generation and later) and AirPods Pro (all models), as well as AirPods Max, Powerbeats Pro, and Beats Fit Pro.

“When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones,” reported Apple in an advisory.

To fix for the issue, Apple said that an “authentication issue was addressed with improved state management” in AirPods firmware update 6A326, AirPods firmware update 6F8, and Beats firmware update 6F8. These firmware updates are automatically delivered to a user’s device while the headphones or AirPods are in Bluetooth range of an iPhone, iPad, or Mac.

Apple credited Jonas Dreßler for the discovery of the flaw as with well as reporting the bug to the company.

About the Author(s)

Related news

'White FAANG' Data Export Attack: A Gold Mine for PII Threats

Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe's GDPR-mandated data portability rules.

Apple Security Advisory 06-25-2024-1

Apple Security Advisory 06-25-2024-1 - AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 address a spoofing vulnerability.

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. "When your headphones are seeking a connection request to one of your previously

DARKReading: Latest News

Too Much 'Trust,' Not Enough 'Verify'