Apple released a new AirPods firmware update this week (5E135) that, according to the release notes, includes “bug fixes and other improvements” like the ones before and the ones before. But in a rare move, Apple revealed what was fixed in the April 11 Update, and it includes a pretty serious security patch.
According to Apple’s security content page, firmware update 5E133 fixes a Bluetooth bug (CVE-2023-27964) that affects all AirPods models, though the original 2016 AirPods remain unpatched as they no longer receive updates. Here’s how Apple describes the problem, which was discovered by Yun-hao Chung and Archie Pusaka of Google ChromeOS:
bluetooth
- Available for: AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max
- Influence: When your headphones make a connection request with one of your previously paired devices, an attacker within Bluetooth range may be able to spoof the intended source device and gain access to your headphones.
- Description: An authentication issue was addressed through improved state management.
The same bug has been fixed in Beats headphones with firmware update 5B66 released this week. It’s not clear what the new AirPods firmware fixes, but it came along with the first Rapid Security Response update for iOS, iPadOS, and macOS.
To check what firmware is installed on your AirPods, go to the Settings app on your iPhone, tap Bluetooth, then tap the Info button (“i”) next to the name of your AirPods. Then, on the next screen, scroll down to the About section to find the firmware version. On a Mac, go to the Bluetooth tab in System Settings or System Preferences, then click the About button next to the name of your AirPods.
Apple has no clear way to update AirPods. The case must be plugged in while the AirPods are charging and near an Apple device for the update to install. If you don’t have an Apple device, you won’t be able to update your AirPods and you’ll need to go to the Apple Store.
