Security vulnerability: Apple stops Bluetooth takeover of AirPods, Beats devices

Apple has released new firmware for various headphone models that closes a problematic security gap. However, getting the update installed is not straightforward.

AirPods Pro 2 with lanyard.

(Image: Apple)

This article was originally published in German and has been automatically translated.

Apple released an important firmware update for owners of current AirPods and Beats headphones on Wednesday night. It does not bring any new features, but fixes a potentially problematic security vulnerability, as the company announced at the same time on its Security Updates website. The bug is in the devices' Bluetooth implementation and allows them to be hijacked. The problem: it is not easy to trigger the update process. Users may have to wait several days or even weeks for the update to arrive.

The new firmware for the AirPods has the version number 6A326. It is intended for AirPods from the second generation onwards, all AirPods Pro models and the AirPods Max over-ear headphones - in other words, all current AirPods on the market. Firmware 6F8 is available for devices from Apple subsidiary Beats, but only for the Powerbeats Pro and Beats Fit Pro models. Whether other models also need a patch that Apple is not offering initially remained unclear.

The vulnerability, CVE-2024-27867, was discovered by security researcher Jonas Dreßler. Apple describes it as follows: "If your headphones send a connection request to one of your previously paired devices, an attacker within Bluetooth range may be able to spoof the intended source device and gain access to your headphones." With such a hijacking, an attacker could conceivably not only play unwanted sounds to the wearer, but also redirect other connections - such as telephony or voice chats - via their own devices and thus record them. It is not known whether this is already happening in practice.

The problem with such bugs is that Apple has no official way of forcing a firmware update on its AirPods and Beats headphones. "Firmware updates are provided automatically while your headphones are paired with your iPhone, iPad or Mac and within Bluetooth range," the company states succinctly. You can only check in the Bluetooth settings (e.g. on the iPhone) whether the new firmware has arrived. Otherwise, all you can do is wait.

However, some users have shared tips and tricks on the Internet for speeding up the firmware update of their audio devices: it is said to help to listen to 30 seconds of music via Apple's in-house streaming service Apple Music and then immediately place AirPods & Co. in their charging case, with the case connected to power (for AirPods Max: in the case, connected via Lightning). However, there is no guarantee that this always works, and it is slightly reminiscent of IT voodoo. Apple always asks customers to wait for automatic delivery. Alternatively, you can schedule an appointment at an authorized repair store or Apple Store, where there is special hardware that can force the update.


(bsc)