CVE-2024-27867

Sažetak

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.

Reference

http://seclists.org/fulldisclosure/2024/Jul/2
https://support.apple.com/en-us/HT214111
https://support.apple.com/kb/HT214111
http://seclists.org/fulldisclosure/2024/Jul/2
https://support.apple.com/en-us/HT214111
https://support.apple.com/kb/HT214111

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

10-12-2024 - 14:42

Objavljeno

26-06-2024 - 04:15