Apple has released the first-ever security updates for its Beats and AirPods products to patch a vulnerability that can be exploited to gain access to headphones through a Bluetooth attack.
The flaw is tracked as CVE-2023-27964 and it was reported to Apple by Yun-hao Chung and Archie Pusaka of Google ChromeOS. The vulnerability has been described as an authentication issue.
“When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones,” Apple explained in its advisory.
The firmware update for AirPods (5E133), including the Pro and Max models, was made available on April 11, while the Beats firmware update (5B66), including for Powerbeats Pro and Beats Fit Pro, was released on May 2.
Firmware updates are delivered automatically to AirPods and Beats headphones while they are charging and in Bluetooth range of the user’s iPhone, iPad, or Mac. Users can check on these devices if their headset is running the latest firmware version.
The availability of the Beats firmware update was announced just as Apple and Google proposed a standard aimed at preventing devices that rely on Bluetooth for location tracking from being misused to track people.
Devices such as Apple’s AirTag are useful for finding lost or stolen property, but the product can also be abused by stalkers. The tech giants want manufacturers to implement mechanisms that would make it possible to easily detect unwanted tracking.
Related: Apple Patches Actively Exploited WebKit Zero-Day Vulnerability
Related: Apple Patches Exploited iOS Vulnerability in Old iPhones
Related: iOS Security Update Patches Exploited Vulnerability in Older iPhones
Related: Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
Latest News
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
