CVE-2024-27867

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
appleCNA
---
---
CISA-ADPADP
3.3 LOW
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
appleairpods_firmware
𝑥
< 6a326
applepowerbeats_firmware
𝑥
< 6f8
appleairpods_pro_firmware
𝑥
< 6f8
applebeats_fit_pro_firmware
𝑥
< 6f8
appleairpods_max_firmware
𝑥
< 6f8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2024/Jul/2
https://support.apple.com/en-us/HT214111
https://support.apple.com/kb/HT214111
http://seclists.org/fulldisclosure/2024/Jul/2
https://support.apple.com/en-us/HT214111
https://support.apple.com/kb/HT214111