Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2023.2501 AirPods Firmware Update 5E133 and Beats Firmware Update 5B66 4 May 2023 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: AirPods Beats Publisher: Apple Operating System: Apple iOS Mobile Device Resolution: Patch/Upgrade CVE Names: CVE-2023-27964 Original Bulletin: https://support.apple.com/HT213752 Comment: CVSS (Max): None available when published - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2023-05-03-1 AirPods Firmware Update 5E133 and Beats Firmware Update 5B66 AirPods Firmware Update 5E133 and Beats Firmware Update 5B66 address the following issues. Information about the security content is also available at https://support.apple.com/HT213752. AirPods Firmware Update 5E133 Released April 11, 2023 Bluetooth Available for: AirPods (2nd generation and later), AirPod Pro (all models), AirPods Max Impact: When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones. Description: An authentication issue was addressed with improved state management. CVE-2023-27964: Yun-hao Chung and Archie Pusaka of Google ChromeOS Firmware updates are automatically delivered while your AirPods are charging and in Bluetooth range of your iPhone, iPad, or Mac. Learn more about firmware updates for AirPods. Beats Firmware Update 5B66 Released May 2, 2023 Bluetooth Available for: Powerbeats Pro, Beats Fit Pro Impact: When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones. Description: An authentication issue was addressed with improved state management. CVE-2023-27964: Yun-hao Chung and Archie Pusaka of Google ChromeOS If you paired your Beats wireless headphones with your iPhone, iPad, or Mac, your Beats will update automatically. Learn more about firmware updates for Beats. You can check the firmware version of your wireless headphones in Bluetooth settings on your device. 1. On your iPhone or iPad, go to Settings > Bluetooth. On your Mac, go to System Settings > Bluetooth. 2. Tap on the info button next to your headphones. - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmRS94AACgkQ4RjMIDke Nxnu4g/+ORGK+ShjgE7mTdv7kmpBLzslblq6S9h/z3Q5GDcs9nyzxkXt3Q9/WRRd gUoPdGavnsIqfY5yU7qig1ybUQItEsGuEz4jF32gmXTuUMTUnAYHVSZYgmo/6tlT 2Vvo08R+5fNWjBNxqEQMM0hQjzj3I37fsIEBR7CwGvzvsofrctRkfPuEi6q+yztM mM1LuVAixeHTy2J/GLXPA62WBUVdfooEAEIHQADHbXRgvvjALhIegyut4DY7BjJK SYo/n5U8NHxh/HjocgxATJUAUJU2ua2QrRWnzLA1n2HS9mJdm385FS3NZTRXfvTM MeAix7DAE82utWkweTIF5rmycjnQ8GHgqFSgtUWS9aMe7Hjj9872rDmIFwi2EQk0 LtWAElhqF4yGkwa42+CKraa48XR1Ai9/QBNoeJPkNzRu7UZrrB5inYNaWP6nGX8X TS2rrxHDo1PFUYI7eEkqu5pq78LEQzyvnfx5scBwBXfc4dmkuzmn9+UbYlHLoKmn i1w6mS8v0yXqCPXI+gG3dO3lmoshtPbqvaE+yTjLcG57rS61Dxol2Q00iL4ZvDbb Yp/9c08W1SkVh4PCeKss3+CxBZ2/a4GBpESjkq7EdipRVkXC3TjN+ZvGMETXetBW 102+c0gF49uBR+w+nouTRxK+boYBqPxAkhHsn7z6o31sCT2Op9s= =AsH2 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBZFM2JckNZI30y1K9AQjAYg//d+nqKcmuiDEKB7MkBEhumbsyBM6ViHZ9 uqocx1Gjy4v7LcB4jY1+18AJGYZKbgNLEYglnc4oDXrS8qQgqSssCB+V8EcCkJ27 a2Vvk6bzMN6TaxBeCVXOC2rZhcU/ZaGnJRf7GcW78Ov12q/OpIHav3XHSOpmBNFA qrwdRzvk1zrMva6lBalkQGcz0H6huVHCu2vXZ2bafonWKjXK3znDR1v7EBh1rYYw Zmps04VzfK1I/LScfvaH/E4kXe4Ot4ZaRFvNNH370s4gc1vi3KsRyCr3BN+WZ6GF C+jpC3DZ3EbXkuhveSIQpmdcuiYU0UqN6CmA4gE5c2NtQWo921kQCmFRuFW7hduh lEE8sBfuMM+KiLb706Cz7GlBoYwbotSY7IMuv5SFN0PGJo/gUHd6eoNG4RmapgkA JYRBKTfWaS/RUmb7Rn2/PXXnYf2ngmE+3m56H/Ol6/h9pfGhE3/oUb5lE02t7qV0 tvtBwtgAuvNb1/Z6FA54mIgzRio17quSfFzB/81FRVpObnNQO5Dp7yBZksUGabSp VATR0yzBacfCgXPDbwKbSJ4hqo6Htvm3ecVyemG+rWEcYYFH84hHFcsCmjw5cImA t9UI1ZHmeyxpwb5GBfwjbN1/Zy/apy+p1w2jWWhWreluJgTkAxzi7H7b/jzzwuif w0TNbBHfpTI= =DDdX -----END PGP SIGNATURE-----