October 15, 2024 at 02:09PM
An authentication vulnerability (CVE-2024-27867) in certain AirPods and Beats models allows attackers within Bluetooth range to spoof connections to headphones. A firmware update addressing this issue is available for AirPods (2nd generation and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro, effective June 25, 2024.
### Meeting Takeaways
**Apple ID**: 120907
**Release Date**: June 25, 2024
**CVE Identifier**: CVE-2024-27867
**Description**:
– An authentication issue has been addressed through improved state management.
**Impact**:
– An attacker within Bluetooth range could potentially spoof a connection request to gain unauthorized access to your headphones while they are attempting to connect with previously paired devices.
**Affected Products**:
– AirPods Firmware Update 6A326
– AirPods Firmware Update 6F8
– Beats Firmware Update 6F8
**Updates Available For**:
– AirPods (2nd generation and later)
– AirPods Pro (all models)
– AirPods Max
– Powerbeats Pro
– Beats Fit Pro
### Action Items
– Ensure that users are informed about the available firmware updates.
– Recommend immediate updates to enhance security for affected devices.