June 26, 2024 at 06:57AM
Apple has released a firmware update addressing an authentication issue affecting various headphone models, allowing potential unauthorized access. The vulnerability could enable eavesdropping on private conversations. Additionally, a logic flaw in visionOS has been patched to prevent a denial-of-service attack. This comes after the rollout of updates to address 21 shortcomings.
Key takeaways from the meeting notes:
1. Apple released a firmware update for AirPods addressing an authentication vulnerability (CVE-2024-27867) affecting various models, allowing unauthorized access by spoofing paired devices.
2. The vulnerability could enable attackers in Bluetooth range to eavesdrop on private conversations. The issue has been resolved with improved state management.
3. Jonas Dreßler is credited with discovering and reporting the flaw, and it has been patched as part of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8.
4. Additionally, Apple addressed 21 shortcomings, including a logic flaw (CVE-2024-27812) in visionOS (version 1.2) that could result in a denial-of-service when processing web content.
5. Security researcher Ryan Pickren reported a vulnerability related to Apple’s ARKit Quick Look feature, allowing the spawning of animated 3D objects without user interaction, persisting even after exiting the browser.
Please let me know if you need further information or clarification on any of these points.