Apple has released firmware updates for several wireless headphone models to fix security issues. The updates affect AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.
The security flaw allowed potential attackers within Bluetooth range to gain unauthorized access to the headphones. This could happen when the headphones were trying to connect to a previously paired device: an attacker could trick the headphones into treating the attacker's device as the intended one.
Apple describes this as an “authentication issue” that it has fixed by improving how the headphones manage their connection state, which likely involves enhancing how the devices handle and authenticate connection requests.
The update is being distributed automatically. Users don’t need to take any action, as long as their headphones are paired with and within Bluetooth range of their iPhone, iPad, or Mac.
To check if your headphones have received the update:
- On iPhone or iPad: Go to Settings > Bluetooth
- On Mac: Go to System Settings > Bluetooth
- Then tap the info button next to your headphones to see the firmware version
The new firmware versions are 6A326 and 6F8, depending on the specific model.
While Apple doesn’t provide specifics on potential exploits, we can make a pretty solid guess at how this flaw could have been misused. An attacker within Bluetooth range might have been able to eavesdrop on audio playing through the headphones, potentially overhearing private conversations. For headphones with microphones, an attacker could have intercepted audio input, effectively turning the headphones into a listening device.
Exploiting this vulnerability would require the attacker to be within Bluetooth range, typically about 10 meters or 33 feet. This physical proximity requirement limits the scope of potential attacks. However, the risk could be higher in crowded areas like coffee shops, offices, or public transportation.