Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Apple fixes AirPods Bluetooth vulnerability that could allow eavesdropping
Global Security

Apple fixes AirPods Bluetooth vulnerability that could allow eavesdropping

AdminBy AdminJuly 8, 2024No Comments2 Mins Read
AirPods Bluetooth Vulnerability
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


June 26, 2024Information hallFirmware Security / Vulnerability

AirPods Bluetooth Vulnerability

Apple released a firmware update for AirPods, which could allow attackers to gain unauthorized access to the headphones.

Tracked as CVE-2024-27867 , the authentication issue affects AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats Fit Pro.

“If your headphones are looking for a connection request from one of your previously paired devices, an attacker in Bluetooth range could spoof the intended source device and gain access to your headphones,” Apple said. said in an advisory on Tuesday.

In other words, an adversary in physical proximity could use the vulnerability to eavesdrop on private conversations. Apple said the issue was resolved through improved governance.

Jonas Dressler is credited with discovering and reporting the flaw. It was fixed as part of AirPods firmware update 6A326, AirPods firmware update 6F8, and Beats firmware update 6F8.

The development came two weeks after the iPhone manufacturer released updates for visionOS (version 1.2) to address 21 flaws, including seven flaws in the WebKit browser engine.

Cyber ​​security

One of the issues concerns a logic bug (CVE-2024-27812) that could lead to a denial of service (DoS) when processing web content. The issue has been fixed through improved file handling, the report said.

Security researcher Ryan Pickren, who reported the vulnerability, described it as the “world’s first spatial computing hack” that could be used to “bypass all warnings and forcefully fill your room with an arbitrary number of animated 3D objects” without user interaction .

The vulnerability takes advantage of Apple’s failure to apply a permissions model when used ARKit Quick View feature create 3D objects in the victim’s room. What’s worse, these animated objects continue to persist even after you exit Safari, as they are handled by a separate application.

“What’s more, it doesn’t even require that anchor tag to be ‘clicked’ by a human,” Pickren said. “So programmatic JavaScript clicking (eg document.querySelector(‘a’).click()) works without a problem! This means we can run an arbitrary number of 3D, animated, sound-producing objects without any user interaction. “

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025

Critical 10-year Error Webmail RoundCube allows users to run the malicious code

June 3, 2025

Understanding the scammers and how to defend their organization

June 3, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.