Apple has issued its first-ever security updates for Beats and AirPods headphones, addressing a Bluetooth attack vulnerability that can be used to gain access to headphones. The flaw, tracked as CVE-2023-27964, was discovered by researchers Yun-hao Chung and Archie Pusaka of Google ChromeOS, and has been identified as an authentication issue.
Apple explained that the vulnerability could enable attackers within Bluetooth range to access headphones by spoofing the intended source device while the headphones are seeking a connection request to one of the user’s previously paired devices.
AirPods Pro and Max models received a firmware update on 11 April, while the Beats firmware update, which includes the Powerbeats Pro and Beats Fit Pro, was issued on 2 May. Firmware updates are automatically delivered to Beats and AirPods while they are charging and in Bluetooth range of an iPhone, iPad, or Mac.
Users can check whether their headset is running the latest firmware version on their devices.
The release of the firmware update for Beats headphones coincided with the announcement by Apple and Google of a proposed standard aimed at preventing devices that rely on Bluetooth for location tracking from being misused to track people.
Although Apple’s AirTag is useful for finding lost or stolen property, it can also be abused by stalkers. The companies want manufacturers to implement mechanisms that would make it easier to detect unwanted tracking.
