June 26, 2024 at 04:48PM
Apple released a firmware update for AirPods to fix a vulnerability that could allow unauthorized access. The CVE-2024-27867 vulnerability affects various Apple headphone models, enabling attackers in Bluetooth range to spoof a paired device and gain access. The update addresses the authentication issue and is automatically delivered to user’s devices. Apple credited Jonas Dreßler for discovering and reporting the flaw.
The meeting notes outline the latest firmware update released by Apple to address a vulnerability affecting several of its products, including AirPods, AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro. The vulnerability, tracked as CVE-2024-27867, could allow threat actors to gain unauthorized access to the headphones when seeking a connection request to a paired device. The issue was fixed with an “authentication issue addressed with improved state management” in firmware updates 6A326, 6F8 for AirPods, and 6F8 for Beats. These updates are automatically delivered to user devices while their headphones or AirPods are in Bluetooth range of an iPhone, iPad, or Mac. The flaw was discovered and reported by Jonas Dreßler, with Apple crediting him for the discovery.