Hi, what are you looking for?
Apple has released firmware updates for Beats and AirPods to patch a vulnerability that can be exploited to gain access to headphones via a Bluetooth attack.
Apple has released the first-ever security updates for its Beats and AirPods products to patch a vulnerability that can be exploited to gain access to headphones through a Bluetooth attack.
The flaw is tracked as CVE-2023-27964 and it was reported to Apple by Yun-hao Chung and Archie Pusaka of Google ChromeOS. The vulnerability has been described as an authentication issue.
“When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones,” Apple explained in its advisory.
The firmware update for AirPods (5E133), including the Pro and Max models, was made available on April 11, while the Beats firmware update (5B66), including for Powerbeats Pro and Beats Fit Pro, was released on May 2.
Firmware updates are delivered automatically to AirPods and Beats headphones while they are charging and in Bluetooth range of the user’s iPhone, iPad, or Mac. Users can check on these devices if their headset is running the latest firmware version.
The availability of the Beats firmware update was announced just as Apple and Google proposed a standard aimed at preventing devices that rely on Bluetooth for location tracking from being misused to track people.
Devices such as Apple’s AirTag are useful for finding lost or stolen property, but the product can also be abused by stalkers. The tech giants want manufacturers to implement mechanisms that would make it possible to easily detect unwanted tracking.
Related: Apple Patches Actively Exploited WebKit Zero-Day Vulnerability
Related: Apple Patches Exploited iOS Vulnerability in Old iPhones
Related: iOS Security Update Patches Exploited Vulnerability in Older iPhones
Related: Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.
Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.
AI can truly disrupt all elements of the SOC and provide an analyst with 10x more data and save 10x more time than what currently exists. (Matt Honea)
There has been an ongoing debate in the security industry over the last decade or so about whether or not deep packet inspection (DPI) is dead. (Matt Wilson)
One of the main reasons why ZTNA fails is that most ZTNA implementations tend to focus entirely on securing remote access. (Etay Maor)
There are key steps every organization should take to leverage threat and event data across the lifecycle of a cyber incident. (Marc Solomon)
The Cybersecurity Resilience Quotient empowers organizations to assess their security posture comprehensively, considering asset exposure, vulnerabilities, and criticality alongside process and network architecture and disaster recovery plans. (Rik Ferguson)
Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher…
OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an…
The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be…
A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car…
A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable…
Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.
Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.
The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.
Got a confidential news tip? We want to hear from you.
Reach a large audience of enterprise cybersecurity professionals
Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.
Copyright © 2023 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.