Vulnerability identifier: #VU93406
Vulnerability risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-285
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
AirPods firmware (Hardware solutions / Firmware)
Beats firmware (Hardware solutions / Firmware)
Vendor: Apple Inc.
Description
The vulnerability allows an attacker to perform a spoofing attack.
The vulnerability exists due to the way the headphones seek a connection request to one of your previously paired devices. An attacker with physical proximity to the device can spoof the intended source device and gain access to your headphones.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
AirPods firmware: 6F7, 6B32 - 6B34, 6A303 - 6A325, 5E133 - 5E135, 5B58 - 5B59, 5A374 - 5A377, 4E71
External links
http://support.apple.com/en-us/HT214111
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.