Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for airpods_max_firmware by apple

    CVE-2024-27867 (GCVE-0-2024-27867)

    Vulnerability from nvd – Published: 2024-06-26 03:12 – Updated: 2026-04-02 18:27
    VLAI
    Summary
    An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones
    • CWE-noinfo Not enough information
    Assigner
    Impacted products
    Vendor Product Version
    Apple AirPods Affected: 0 , < unknown (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 3.3,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27867",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-26T13:31:27.314551Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T14:30:04.265Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:41:55.744Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214111"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214111"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirPods",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "unknown",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:27:16.620Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120907"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-27867",
        "datePublished": "2024-06-26T03:12:26.594Z",
        "dateReserved": "2024-02-26T15:32:28.541Z",
        "dateUpdated": "2026-04-02T18:27:16.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-27867 (GCVE-0-2024-27867)

    Vulnerability from cvelistv5 – Published: 2024-06-26 03:12 – Updated: 2026-04-02 18:27
    VLAI
    Summary
    An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones
    • CWE-noinfo Not enough information
    Assigner
    Impacted products
    Vendor Product Version
    Apple AirPods Affected: 0 , < unknown (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 3.3,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27867",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-26T13:31:27.314551Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T14:30:04.265Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:41:55.744Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214111"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214111"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jul/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirPods",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "unknown",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:27:16.620Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120907"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-27867",
        "datePublished": "2024-06-26T03:12:26.594Z",
        "dateReserved": "2024-02-26T15:32:28.541Z",
        "dateUpdated": "2026-04-02T18:27:16.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }