PT-2024-22092 · Apple · Beats+1

Jonas Dreßler · Published 2024-06-26 · Updated 2026-01-29 · CVE-2024-27867

CVSS v3.1: 4.3 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

AirPods versions prior to Firmware Update 6A326
AirPods versions prior to Firmware Update 6F8
Beats versions prior to Firmware Update 6F8
AirPods (2nd generation and later)
AirPods Pro (all models)
AirPods Max
Powerbeats Pro
Beats Fit Pro

Description

An authentication issue existed due to improper state management. This allowed an attacker within Bluetooth range to potentially spoof a previously paired device and gain unauthorized access to the headphones, potentially enabling eavesdropping on audio. The issue affected AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. The vulnerability, tracked as CVE-2024-27867, allowed an attacker to potentially intercept audio or control the headphones. The issue was discovered by Jonas Dreßler.

Recommendations

Update AirPods to Firmware Update 6A326
Update AirPods to Firmware Update 6F8
Update Beats to Firmware Update 6F8
Update AirPods (2nd generation and later) to the latest firmware
Update AirPods Pro (all models) to the latest firmware
Update AirPods Max to the latest firmware
Update Powerbeats Pro to the latest firmware
Update Beats Fit Pro to the latest firmware

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2024-27867

Affected Products

AirPods
Beats