Apple released a new AirPods firmware update (5E135) this week which, according to the release notes, includes “bug fixes and other improvements,” like the one before it and the one before that. But in a rare move, Apple disclosed what was fixed in the April 11 update, and it includes a pretty serious security patch.
According to Apple’s security content page, firmware update 5E133 fixes a Bluetooth flaw (CVE-2023-27964) that affects all AirPods models, although original AirPods from 2016 remain unpatched because they no longer receive updates. Here’s how Apple describes the issue, which was discovered by Yun-hao Chung and Archie Pusaka of Google ChromeOS:
Bluetooth
- Available for: AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max
- Impact: When your headphones seek a connection request from one of your previously paired devices, an attacker within Bluetooth range may be able to spoof the intended source device and gain access to your headphones.
- Description: An authentication issue was addressed through better state management.
The same flaw has been fixed in Beats headphones with firmware update 5B66, released this week. It is unclear what the new AirPods firmware fixes, but it arrived alongside the first Rapid Security Response update for iOS, iPadOS, and macOS.
To check what firmware is installed on your AirPods, go to the Settings app on your iPhone, tap Bluetooth, then tap the Info (“i”) button next to your AirPods name. Then on the next screen, scroll down to the About section to find the firmware version. On a Mac, go to the Bluetooth tab in System Settings or System Preferences, then click the Info button next to your AirPods name.
Apple doesn’t have a clear way to update AirPods. The case must be plugged in with the AirPods charging and near an Apple device for the update to install. If you don’t have an Apple device, you can’t update your AirPods and need to go to the Apple Store.