Apple has released the first-ever security updates for its Beats and AirPods products to patch a vulnerability that can be exploited to gain access to headphones through a Bluetooth attack.
The flaw is tracked as CVE-2023-27964 and it was reported to Apple by Yun-hao Chung and Archie Pusaka of Google ChromeOS. The vulnerability has been described as an authentication issue.
“When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones,” Apple explained in its advisory.
The firmware update for AirPods (5E133), including the Pro and Max models, was made available on April 11, while the Beats firmware update (5B66), including for Powerbeats Pro and Beats Fit Pro, was released on May 2.
Firmware updates are delivered automatically to AirPods and Beats headphones while they are charging and in Bluetooth range of the user’s iPhone, iPad, or Mac. Users can check on these devices if their headset is running the latest firmware version.
The availability of the Beats firmware update was announced just as Apple and Google proposed a standard aimed at preventing devices that rely on Bluetooth for location tracking from being misused to track people.
Devices such as Apple’s AirTag are useful for finding lost or stolen property, but the product can also be abused by stalkers. The tech giants want manufacturers to implement mechanisms that would make it possible to easily detect unwanted tracking.
Related: Apple Patches Actively Exploited WebKit Zero-Day Vulnerability
Related: Apple Patches Exploited iOS Vulnerability in Old iPhones
Related: iOS Security Update Patches Exploited Vulnerability in Older iPhones
Related: Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days