Main Vulnerability Database SB2024062703

SB2024062703 - Spoofing attack in Apple AirPods and Beats firmware

Published: June 27, 2024

Security Bulletin ID SB2024062703

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authorization (CVE-ID: CVE-2024-27867)

The vulnerability allows an attacker to perform spoofing attack.

The vulnerability exists due to the way the headphones are seeking a connection request to one of your previously paired devices. An attacker with physical proximity to the device can spoof the intended source device and gain access to your headphones.

Remediation

Install update from vendor's website.

References

https://support.apple.com/en-us/HT214111