Apple has addressed a critical Bluetooth vulnerability affecting AirPods and related devices with a new firmware update. This flaw, tracked as CVE-2024-27867, could potentially allow unauthorized access to the headphones, leading to possible eavesdropping.
The security issue impacts various models, including AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. According to Apple, the vulnerability could be exploited by an attacker in Bluetooth range who could spoof a previously paired device to connect to the headphones.
Apple’s advisory, released on Tuesday, explains the risk: “When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.” This could enable adversaries to listen in on private conversations without the user’s knowledge.
The flaw was discovered and reported by security researcher Jonas Dreßler. Apple has mitigated the issue by improving state management in the affected devices. The fix has been rolled out through AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8.
This update follows closely on the heels of Apple’s recent visionOS update (version 1.2), which addressed 21 security vulnerabilities, including several in the WebKit browser engine. One significant issue, CVE-2024-27812, involved a logic flaw that could cause a denial-of-service (DoS) when processing web content. This flaw, reported by security researcher Ryan Pickren, has also been patched.
Pickren described the vulnerability as the “world’s first spatial computing hack,” capable of bypassing all warnings to forcefully fill a room with an arbitrary number of animated 3D objects without user interaction. The exploit leverages a weakness in Apple’s ARKit Quick Look feature, allowing persistent 3D objects even after exiting Safari.
Apple’s swift response to these vulnerabilities underscores its commitment to maintaining robust security across its product ecosystem, ensuring users are protected against potential threats.