Amazon · Amazon Alexa · CVE-2023-33248
**Name of the Vulnerable Software and Affected Versions**
Amazon Alexa software version 8960323972
**Description**
The issue allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz, which is often outside the range of human adult hearing. Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.
**Recommendations**
For Amazon Alexa software version 8960323972, consider disabling the ability to receive commands via audio signals until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the device for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
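The description notes that authorized users essentially never speak commands at 16 to 22 kHz, so audio whose energy sits mostly in that band can be flagged before it is treated as a command. The sketch below is an added example, not code from Amazon or from the advisory. The 48 kHz capture rate, 10 ms frame, 0.5 threshold, function names and sample signals are all assumptions made for illustration.

```python
import math

RATE = 48_000                  # assumed capture rate (Hz); must be >= 2 * BAND_HI
BAND_LO, BAND_HI = 16_000, 22_000   # band named in the advisory
FRAME = 480                    # assumed 10 ms frame -> 100 Hz bin spacing
THRESHOLD = 0.5                # assumed cut-off: most frame energy in the band

def goertzel_power(frame, k):
    """Power of DFT bin k, computed with the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(frame))
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def band_ratio(frame, rate=RATE):
    """Fraction of a frame's spectral energy between BAND_LO and BAND_HI."""
    if rate < 2 * BAND_HI:
        raise ValueError("sample rate too low to observe the 16-22 kHz band")
    n = len(frame)
    # Hann window limits leakage from speech-band energy into the high band.
    win = [x * (0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)))
           for i, x in enumerate(frame)]
    total = in_band = 0.0
    for k in range(1, n // 2):
        p = goertzel_power(win, k)
        total += p
        if BAND_LO <= k * rate / n <= BAND_HI:
            in_band += p
    return in_band / total if total > 0.0 else 0.0   # silence -> 0.0

def flag_frames(samples, rate=RATE, frame=FRAME, threshold=THRESHOLD):
    """Indices of frames whose energy is concentrated in the 16-22 kHz band."""
    return [i // frame for i in range(0, len(samples) - frame + 1, frame)
            if band_ratio(samples[i:i + frame], rate) > threshold]

def tones(parts, n, rate=RATE):
    """Constructed test signal: sum of (frequency_hz, amplitude) sine tones."""
    return [sum(a * math.sin(2 * math.pi * f * t / rate) for f, a in parts)
            for t in range(n)]

# Constructed inputs: speech-band tones, a mostly 18 kHz signal, then silence.
SPEECH = tones([(200, 1.0), (800, 0.6), (2500, 0.3)], 2 * FRAME)
HIGH = tones([(18_000, 1.0), (300, 0.1)], 2 * FRAME)
SAMPLE = SPEECH + HIGH + [0.0] * FRAME

if __name__ == "__main__":
    print(flag_frames(SAMPLE))   # frames 2 and 3 hold the 18 kHz signal
```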