What is the severity of CVE-2024-27867?

CVE-2024-27867 is rated as a medium severity vulnerability due to the authentication issues resulting from ineffective state management.

How do I fix CVE-2024-27867?

To fix CVE-2024-27867, update your AirPods and Beats devices to Firmware Update 6A326 or newer for AirPods, and 6F8 or newer for Beats.

What devices are affected by CVE-2024-27867?

CVE-2024-27867 affects various Apple products including certain models of AirPods and Beats that are running outdated firmware.

How does CVE-2024-27867 impact device security?

CVE-2024-27867 can potentially allow an attacker to hijack connection requests from previously paired devices, compromising device security.

When was CVE-2024-27867 reported?

CVE-2024-27867 was reported and subsequently addressed in July 2024 with the release of specific firmware updates.

Vulnerability/
CVE-2024-27867

medium

4.3

CWE

287

25/6/2024

26/6/2024

10/12/2024

CVE-2024-27867

First published: Tue Jun 25 2024(Updated: )

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.

Credit: Jonas Dreßler product-security@apple.com

Affected Software	Affected Version	How to fix
Apple AirPods Firmware	<6	6
Apple AirPods Firmware	<6	6
Apple Beats Firmware Update B66	<6	6
All of
Apple AirPods Firmware	<6a326
Apple AirPods
All of
Apple Powerbeats Firmware	<6f8
Apple Powerbeats Firmware
All of
Apple AirPods Pro Firmware	<6f8
Apple AirPods Pro Firmware
All of
Apple Beats Fit Pro Firmware	<6f8
Apple Beats Fit Pro Firmware
All of
Apple AirPods Max Firmware	<6f8
Apple AirPods Max Firmware

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2024-27867

Frequently Asked Questions

What is the severity of CVE-2024-27867?
CVE-2024-27867 is rated as a medium severity vulnerability due to the authentication issues resulting from ineffective state management.
How do I fix CVE-2024-27867?
To fix CVE-2024-27867, update your AirPods and Beats devices to Firmware Update 6A326 or newer for AirPods, and 6F8 or newer for Beats.
What devices are affected by CVE-2024-27867?
CVE-2024-27867 affects various Apple products including certain models of AirPods and Beats that are running outdated firmware.
How does CVE-2024-27867 impact device security?
CVE-2024-27867 can potentially allow an attacker to hijack connection requests from previously paired devices, compromising device security.
When was CVE-2024-27867 reported?
CVE-2024-27867 was reported and subsequently addressed in July 2024 with the release of specific firmware updates.

agent/type
agent/description
agent/first-publish-date
agent/author
collector/mitre-cve
source/MITRE
agent/event
agent/weakness
agent/last-modified-date
agent/severity
agent/trending
agent/source
agent/references
agent/tags
agent/softwarecombine
collector/apple-support
source/Apple
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
vendor/apple
canonical/apple airpods firmware
canonical/apple beats firmware update b66
canonical/apple airpods
canonical/apple powerbeats firmware
canonical/apple airpods pro firmware
canonical/apple beats fit pro firmware
canonical/apple airpods max firmware