Apple has swiftly addressed a significant security concern affecting its AirPods and Beats products with the release of firmware updates. The vulnerability, tracked as CVE-2024-27867, could potentially allow unauthorized access to headphones when they are attempting to connect to previously paired devices. This issue impacts AirPods (2nd generation and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro, making it crucial for users to update their devices promptly.
The vulnerability was discovered by security researcher Jonas Dreßler, who promptly reported it to Apple. The company responded by rolling out firmware updates labeled AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 to mitigate the issue. These updates enhance state management to prevent unauthorized access attempts by malicious actors within Bluetooth range.
In addition to addressing the Bluetooth security flaw, Apple recently tackled 21 vulnerabilities in its visionOS (version 1.2) and WebKit browser engine. Among these was CVE-2024-27812, a logic flaw reported by researcher Ryan Pickren, which could lead to denial-of-service attacks when processing web content. The updates underscore Apple’s commitment to maintaining robust security measures across its ecosystem, ensuring user protection against emerging threats and vulnerabilities.
Reference:
