Apple released a new AirPods firmware update this week (5E135) that, according to the release notes, includes “bug fixes and other improvements,” like the one before it and the one before that. But in a rare move, Apple has divulged what was fixed in the April 11 update and it includes a pretty serious security patch.
According to Apple’s security content page, the 5E133 firmware update fixes a Bluetooth flaw (CVE-2023-27964) that affects all AirPods models, though the original AirPods from 2016 remain unpatched since they no longer get updates. Here’s how Apple describes the issue, which was discovered by Yun-hao Chung and Archie Pusaka of Google ChromeOS:
- Available for: AirPods (2nd generation and later), AirPods Pro (all models), AirPods Max
- Impact: When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.
- Description: An authentication issue was addressed with improved state management.
The same flaw was fixed in Beats headphones with Firmware Update 5B66 released this week. It’s not clear what the new AirPods firmware fixes, but it arrived alongside the first Rapid Security Response update for iOS, iPadOS, and macOS.
To check which firmware is installed on your AirPods, go to the Settings app on your iPhone, tap Bluetooth, and then tap the Info button (“i”) next to the name of your AirPods. Then on the next screen, scroll down to the About section to find the firmware version. On a Mac, go to the Bluetooth tab in System Settings or System Preferences, then click the Info button next to the name of your AirPods.
Apple doesn’t have a clear way to update AirPods. The case needs to be plugged in with the AirPods charging and near an Apple device so the update can install. If you don’t have an Apple device, you can’t update your AirPods and need to take a trip to the Apple Store.