PT-2023-21457 · Apple · Airpods

Archie Pusaka

Publicado

2023-05-04

Atualizado

2025-08-02

CVE-2023-27964

CVSS v3.1

5.4

Média

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions AirPods Firmware versions prior to 5E133

Description An authentication issue was addressed with improved state management. When the headphones are seeking a connection request to one of the previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to the headphones.

Recommendations For AirPods Firmware versions prior to 5E133, update to AirPods Firmware Update 5E133 to resolve the issue. As a temporary workaround, consider restricting Bluetooth connections to trusted devices until the update is applied.

Correção

Authentication Bypass by Spoofing

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-290

Identificadores relacionados

CVE-2023-27964

Produtos afetados

Airpods

PT-2023-21457 · Apple · Airpods

CVE-2023-27964

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7