Peter Makohon’s Post

As somebody who is new to the world of cybersecurity. This is one of the more interesting vulnerabilities I've read about.

Apple has released an important security update for AirPods users, addressing a critical Bluetooth vulnerability that could potentially allow attackers to execute arbitrary code with kernel privileges[1]. This flaw, identified as CVE-2024-32859, affects various AirPods models including AirPods Pro (1st and 2nd generation), AirPods (2nd and 3rd generation), and AirPods Max. The vulnerability stems from a memory corruption issue in the Bluetooth stack. If exploited, it could give malicious actors the ability to run unauthorized code with the highest system privileges, potentially compromising the security and privacy of affected devices. To protect users, Apple has promptly released firmware version 6A321 for the impacted AirPods models. This update is crucial for maintaining the security of your AirPods and connected devices. Users are strongly advised to ensure their AirPods are updated to the latest firmware version as soon as possible. To check your AirPods' firmware version and update if necessary: 1. Connect your AirPods to your iPhone or iPad 2. Go to Settings > Bluetooth 3. Tap the "i" icon next to your AirPods 4. Look for the "Version" number AirPods typically update automatically when connected to an iOS device. However, to encourage an update, keep your AirPods in their case, connected to a power source, and near your paired iOS device with an internet connection. This security patch underscores the importance of keeping all your devices, including accessories like AirPods, up-to-date to protect against potential security threats. https://lnkd.in/gijtKX5W

Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. "When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones," Apple said in a Tuesday advisory. In other words, an adversary in physical proximity could exploit the vulnerability to eavesdrop on private conversations. Apple said the issue has been addressed with improved state management. Security researcher Ryan Pickren, who reported the vulnerability, described it as the "world's first spatial computing hack" that could be weaponized to "bypass all warnings and forcefully fill your room with an arbitrary number of animated 3D objects" sans user interaction. The vulnerability takes advantage of Apple's failure to apply the permissions model when using the ARKit Quick Look feature to spawn 3D objects in a victim's room. Making matters worse, these animated objects continue to persist even after exiting Safari as they are handled by a separate application... #informationsecurity #cybersecurity #security #vulnerability #infosec #apple #airpods #technology

To all the Apple users in my network. Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Read about the update in the Hacker-news article below. * CVE-2024-27867: Apple has released a firmware update for AirPods addressing an authentication issue. This vulnerability affects AirPods (2nd generation and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro. When seeking a connection request to a previously paired device, an attacker in Bluetooth range could spoof the intended source device and gain unauthorized access to the headphones. * CVE-2024-27812: Another security issue relates to a logic flaw that could lead to a denial-of-service (DoS) when processing web content. Apple has fixed this by improving file handling. Security researcher Ryan Pickren discovered a spatial computing hack that allows launching animated 3D objects in a victim’s room without user interaction. These objects persist even after exiting Safari due to a permissions model oversight in the ARKit Quick Look feature. Update your AirPods to the latest firmware to mitigate these vulnerabilities. #cybersecurity #usda #alphaomega #dynamotechnologies #cvp #vknowit #apple

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping https://ift.tt/RZG01Wu Jun 26, 2024NewsroomFirmware Security / Vulnerability Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner. Tracked as CVE-2024-27867, the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro. "When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones," Apple said in a Tuesday advisory. In other words, an adversary in physical proximity could exploit the vulnerability to eavesdrop on private conversations. Apple said the issue has been addressed with improved state management. Jonas Dreßler has been credited with discovering and reporting the flaw. It has been patched as part of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. The development comes two weeks after the iPhone maker rolled out updates for visionOS (version 1.2) to close out 21 shortcomings, including seven flaws in the WebKit browser engine. One of the issues pertains to a logic flaw (CVE-2024-27812) that could result in a denial-of-service (DoS) when processing web content. The problem has been fixed with improved file handling, it said. Security researcher Ryan Pickren, who reported the vulnerability, described it as the "world's first spatial computing hack" that could be weaponized to "bypass all warnings and forcefully fill your room with an arbitrary number of animated 3D objects" sans user interaction. The vulnerability takes advantage of Apple's failure to apply the permissions model when using the ARKit Quick Look feature to spawn 3D objects in a victim's room. Making matters worse, these animated objects continue to persist even after exiting Safari as they are handled by a separate application. "Furthermore, it does not even require this anchor tag to have been 'clicked' by the human," Pickren said. "So programmatic JavaScript clicking (i.e., document.querySelector('a').click()) works no problem! This means that we can launch an arbitrary number of 3D, animated, sound-creating, objects without any user interaction whatsoever." Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post. Cyber via The Hacker News https://ift.tt/0V9GTxo June 26, 2024 at 06:57AM

#GreatNews #TechUpdates Apple has released a crucial firmware update to address a vulnerability (CVE-2024-27867) that could allow unauthorized access to your AirPods and Beats headphones. Affected devices: 🎧AirPods (2nd generation and later) 🎧AirPods Pro (all models) 🎧AirPods Max 🎧Powerbeats Pro 🎧Beats Fit Pro An attacker within Bluetooth range could spoof a previously paired device and gain access to your headphones, potentially eavesdropping on private conversations. 🔧 Additional Updates: Apple has also addressed 21 vulnerabilities in visionOS (version 1.2), including a critical denial-of-service (DoS) flaw (CVE-2024-27812) reported by security researcher Ryan Pickren. This flaw could bypass warnings and fill a room with arbitrary 3D objects without user interaction. For more details, visit https://hubs.ly/Q02FjvN-0 #CyberSecurity #Apple #AirPodsUpdate #FirmwareUpdate #TechAlert #BluetoothSecurity #StaySafe #ProtectYourPrivacy

📱 Apple has released a firmware update for AirPods to fix a critical security flaw (CVE-2024-27867). This vulnerability affects various models, allowing attackers within Bluetooth range to spoof a paired device and gain unauthorized access to headphones, potentially enabling eavesdropping. 🎧 The update improves state management to prevent these unauthorized connections. This follows recent patches for visionOS, addressing vulnerabilities like a WebKit flaw (CVE-2024-27812), which could cause denial-of-service attacks. These updates highlight Apple's ongoing efforts to enhance security across its products, addressing both Bluetooth issues in AirPods and complex vulnerabilities in web and AR technologies. 🔐 For more insights 👉 https://buff.ly/3XBqw7r #Apple #Security #AirPods #CVE202427867 #Bluetooth #Cybersecurity #TechNews #Spoof #DoS

”Apple's "Find My" service relies on GPS and Bluetooth data crowd-sourced from millions of Apple devices worldwide to find devices reported as lost or stolen, even if those are offline. The ”location” network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards.” #apple #findmy #findmydevice #device #bluetooth #gps #keylogger #malicious #sensitive #information #sensitivedata #security #iphone #research #researchers #analysis #analyst #hackers #hacker #attack #encryption #encrypted #evilcrowd https://lnkd.in/drPmEST2

🌪️Imagine you’re in your room listening to music when suddenly, an attacker gains access to your AirPods and starts eavesdropping on your conversations! 😱 Apple just patched a serious Bluetooth vulnerability in AirPods that could allow exactly that. Tracked as CVE-2024-27867, this flaw affects various AirPods and Beats models. Additionally, another vulnerability, CVE-2024-27812, could allow arbitrary code execution. Update your firmware to secure your devices and keep those private convos private! #CyberSecurity #Apple #Bluetooth #TechNews #Privacy Read more 👇

At a time when wireless computing is ubiquitous, every cellphone, every Bluetooth device from headphone to smart fridge joins the network, often with little recognition of these risks or pressing need for intense safe-guarding. 🛡 Although Bluetooth is technologically sound in many ways, it’s vulnerable to a number of security threats such as eavesdropping, unauthorised access to devices, and modification or corruption of data. 🕵️♀️ The most insidious of these is Bluetooth spoofing, in which an attacker pretends to a trusted device. Proactive measures are the only real defense against this kind of rogue Bluetooth spoofing. 🚨 Keep all your software and firmware updated as often as possible; patch releases for new vulnerabilities will typically be available in the form of software updates. 👮♂️ Disable Bluetooth when not in use, and manually forget previous devices that you no longer need paired with your machine. ⚡ If you feel this content is worth sharing, show your appreciation with a: 👍 Like 💬 Comment 🔁 Repost https://lnkd.in/eM7X9faY