Vulnerability Description
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | AirPods Firmware | < 6A326 |
| Apple | AirPods | - |
| Apple | Powerbeats Firmware | < 6F8 |
| Apple | Powerbeats | - |
| Apple | AirPods Pro Firmware | < 6F8 |
| Apple | AirPods Pro | - |
| Apple | Beats Fit Pro Firmware | < 6F8 |
| Apple | Beats Fit Pro | - |
| Apple | AirPods Max Firmware | < 6F8 |
| Apple | AirPods Max | - |
Related Weaknesses (CWE)
References
- https://support.apple.com/en-us/120907
- http://seclists.org/fulldisclosure/2024/Jul/2 (Mailing List)
- https://support.apple.com/en-us/HT214111 (Vendor Advisory)
- https://support.apple.com/kb/HT214111 (Vendor Advisory)
FAQ
What is CVE-2024-27867?
CVE-2024-27867 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headph...
How severe is CVE-2024-27867?
CVE-2024-27867 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-27867?
Check the references section above for vendor advisories and patch information. Affected products include: Apple AirPods Firmware, Apple AirPods, Apple Powerbeats Firmware, Apple Powerbeats, Apple AirPods Pro Firmware.