-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.2501
       AirPods Firmware Update 5E133 and Beats Firmware Update 5B66
                                4 May 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           AirPods
                   Beats
Publisher:         Apple
Operating System:  Apple iOS
                   Mobile Device
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-27964  

Original Bulletin: 
   https://support.apple.com/HT213752

Comment: CVSS (Max):  None available when published

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2023-05-03-1 AirPods Firmware Update 5E133 and
Beats Firmware Update 5B66

AirPods Firmware Update 5E133 and Beats Firmware Update 5B66
address the following issues. Information about the security content
is also available at https://support.apple.com/HT213752.

AirPods Firmware Update 5E133

Released April 11, 2023

Bluetooth

Available for: AirPods (2nd generation and later), AirPods Pro (all models),
AirPods Max

Impact: When your headphones are seeking a connection request to one
of your previously paired devices, an attacker in Bluetooth range might be
able to spoof the intended source device and gain access to your headphones.

Description: An authentication issue was addressed with improved state
management.

CVE-2023-27964: Yun-hao Chung and Archie Pusaka of Google
ChromeOS

Firmware updates are automatically delivered while your AirPods are
charging and in Bluetooth range of your iPhone, iPad, or Mac.
Learn more about firmware updates for AirPods. 


Beats Firmware Update 5B66

Released May 2, 2023

Bluetooth

Available for: Powerbeats Pro, Beats Fit Pro

Impact: When your headphones are seeking a connection request to one
of your previously paired devices, an attacker in Bluetooth range might be
able to spoof the intended source device and gain access to your headphones.

Description: An authentication issue was addressed with improved state
management.

CVE-2023-27964: Yun-hao Chung and Archie Pusaka of Google
ChromeOS

If you paired your Beats wireless headphones with your iPhone, iPad, or
Mac, your Beats will update automatically. Learn more about firmware updates
for Beats. 

You can check the firmware version of your wireless headphones in Bluetooth
settings on your device. 

1. On your iPhone or iPad, go to Settings > Bluetooth. On your Mac, go to
System Settings > Bluetooth. 
2. Tap on the info button next to your headphones.

- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

-----END PGP SIGNATURE-----