DEV Community

a.infosecflavour


CVE-2024-27867: Eavesdropping vulnerability in AirPods

On 26th of June, Apple announced CVE-2024-27867.
If you are the (happy) owner of either:

  • AirPods (2nd generation and later),
  • AirPods Pro (all models),
  • AirPods Max,
  • Powerbeats Pro,
  • Beats Fit Pro

then you should make sure your device's firmware is up to date.
The good news: if your AirPods/Beats are charging and are connected to your iPhone, iPad or Mac via Bluetooth, the update is installed automatically.
You can check the firmware version of your AirPods/Beats from any of those Apple devices. Keep in mind that your iPhone/iPad/Mac should also be on the latest version! 💡
The bad news: your conversations were at risk of being intercepted by a curious malicious actor using a Bluetooth sniffer.

What is a Bluetooth sniffer?

It's a tool used to intercept and read (i.e. to sniff) Bluetooth Low Energy (also known as BLE) packets as they are transmitted.
Bluetooth sniffing is just one type of attack. You can read more about other types of Bluetooth attacks on HTB Academy.

Is the issue fixed?

Well, as mentioned earlier in the article, yes!
The issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8.

Instead of buh-bye

Always make sure that your devices are updated, because this is an easy way to protect yourself online.
