Apple has rolled out a software update for AirPods addressing a security loophole that could have allowed an unauthorized party to connect to the headphones.
Identified as CVE-2024-27867, the vulnerability impacts AirPods (2nd generation and above), all models of AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro.
“When your headphones are actively looking to connect to a device they have been paired with previously, an attacker within Bluetooth range might impersonate the legitimate device and gain entry to your headphones,” Apple stated in an advisory issued on Tuesday.
In other words, a malicious party in close physical proximity could have exploited this weakness to eavesdrop on confidential conversations. Apple said the problem has been fixed with improved state management.
The issue was discovered and reported by Jonas Dreßler. The fix is included in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8.
This development follows closely after the company released updates for visionOS (version 1.2) to address 21 vulnerabilities, with seven of them related to flaws in the WebKit browser engine.
One of the issues is a logic flaw (CVE-2024-27812) that could lead to a denial-of-service (DoS) condition when processing web content. Apple stated that this has been resolved through improved file management.
Security researcher Ryan Pickren, who brought this vulnerability to light, characterized it as the “first spatial computing breach” capable of being weaponized to “disregard all alerts and flood your space with numerous animated 3D objects” without user intervention.
The vulnerability stems from Apple’s failure to enforce the permission model when the ARKit Quick Look feature is used to generate 3D objects in a user’s room. Furthermore, these animated objects persist even after Safari is closed, because they are managed by a separate app.
“Moreover, no direct human interaction is required for this anchor tag to be ‘clicked’,” Pickren explained. “Thus, programmatic JavaScript clicking (e.g., document.querySelector('a').click()) is fully functional! This implies that we can launch any number of 3D, animated, sound-producing objects without any user engagement.”

