On June 25th, Apple released a crucial firmware update for various AirPods and Beats models, addressing a significant security vulnerability. The flaw potentially allowed malicious actors within Bluetooth range to gain unauthorized access to the headphones. This could enable eavesdropping on private conversations, posing severe privacy risks.
Hackers could exploit this vulnerability by spoofing the intended source device during a connection request. When headphones seek to reconnect to a previously paired device, a nearby attacker could intercept the request and pose as the legitimate device. This unauthorized access could then allow the hacker to listen in on conversations, access audio streams, or manipulate the device settings without the user’s knowledge.
The vulnerability affected multiple models, including AirPods (2nd generation and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro. The issue has been resolved through improved state management in the latest firmware updates: AirPods Firmware Update 6A326 and 6F8, and Beats Firmware Update 6F8.
Why it matters: The increased use of Bluetooth-enabled devices has heightened the risk of cyberattacks and data breaches. The recent vulnerability discovered in Apple’s AirPods and Beats headphones exemplifies this threat, potentially allowing nearby attackers to gain unauthorized access and eavesdrop on private conversations. As these devices become more common in both personal and professional settings, stringent security measures are essential to protect user privacy and maintain trust in the manufacturers that produce them.
- Vulnerability Details: The authentication issue, CVE-2024-27867, allowed attackers in Bluetooth range to spoof a device and gain access to AirPods and Beats headphones. Hackers could exploit the flaw by intercepting a connection request between headphones and a previously paired device, spoofing the intended source device to gain unauthorized access.
- Additional Security Updates: This incident comes roughly two weeks after another recent security issue at Apple, where a visionOS update patched 21 vulnerabilities for the Apple Vision Pro, including a significant WebKit denial-of-service flaw and a permission-bypassing ARKit issue. The updates underscore Apple’s prioritization and commitment to security.
- Firmware Update Process: Users can check their firmware version by navigating to the Bluetooth menu in the Settings app on their iPhone. The update occurs automatically when the headphones are charging and within Bluetooth range of a connected device.
Apple Confirms What’s New with Latest AirPods Software Update – 9 To 5 Mac