An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.
History

Tue, 10 Dec 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple airpods
Apple airpods Firmware
Apple airpods Max
Apple airpods Max Firmware
Apple airpods Pro
Apple airpods Pro Firmware
Apple beats Fit Pro
Apple beats Fit Pro Firmware
Apple powerbeats
Apple powerbeats Firmware
Weaknesses CWE-287
CPEs cpe:2.3:h:apple:airpods:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods_max:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:airpods_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:beats_fit_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:apple:powerbeats:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:airpods_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:airpods_max_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:airpods_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:beats_fit_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:powerbeats_firmware:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple airpods
Apple airpods Firmware
Apple airpods Max
Apple airpods Max Firmware
Apple airpods Pro
Apple airpods Pro Firmware
Apple beats Fit Pro
Apple beats Fit Pro Firmware
Apple powerbeats
Apple powerbeats Firmware

Mon, 04 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-06-26T03:12:26.594Z

Updated: 2024-11-04T14:30:04.265Z

Reserved: 2024-02-26T15:32:28.541Z

Link: CVE-2024-27867

cve-icon Vulnrichment

Updated: 2024-08-02T00:41:55.744Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-26T04:15:11.637

Modified: 2024-12-10T14:42:58.173

Link: CVE-2024-27867

cve-icon Redhat

No data.