CVE-2022-32946

Name of the Vulnerable Software and Affected Versions iOS versions prior to 16.1 iPadOS versions prior to 16.1

Description The issue allowed apps with Bluetooth access to record audio using connected AirPods, potentially capturing conversations with Siri and background sound. This was possible due to a problem with Core Bluetooth and the DoAP service, which supports Siri and Dictation on AirPods. The issue did not require the app to request microphone access permission and would not leave any traces of microphone eavesdropping. The vulnerability could be exploited to bypass the Transparency, Consent and Control (TCC) security system in macOS, allowing any app to record Siri conversations without requesting permissions.

Recommendations For iOS versions prior to 16.1, update to iOS 16.1 or later to resolve the issue. For iPadOS versions prior to 16.1, update to iPadOS 16.1 or later to resolve the issue. As a temporary workaround, consider disabling Bluetooth access for apps that do not require it to minimize the risk of exploitation. Restrict access to the DoAP service to prevent unauthorized audio recording.