Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking

Flaws in how 17 models of headphones and speakers use Google’s one-tap Fast Pair Bluetooth protocol have left devices open to eavesdroppers and stalkers...

EUVD-2020-26751

Malware in sbrugna...

Bluetooth vulnerability in audio devices can be exploited to spy on users

Researchers have found vulnerabilities in 29 Bluetooth devices like speakers, earbuds, headphones, and wireless microphones from reputable companies including Sony, Bose, and JBL. The vulnerabilities could be exploited to spy on users, and even steal information from the device. The researchers w...

PT-2025-27363

Name of the Vulnerable Software and Affected Versions Airoha Bluetooth audio SDK affected versions not specified Description The Airoha Bluetooth audio SDK contains a flaw that allows Bluetooth audio devices to pair without user consent. This can result in remote escalation of privilege without...

CVE-2024-48542

Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file...

CVE-2020-5589

SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as...

CVE-2024-48542

Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file...

CVE-2024-48542

Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file...

Yamaha Headphones Controller 安全漏洞

Yamaha Headphones Controller is an application from Yamaha Japan. It is used to control and personalize the settings of Yamaha's headphone products. A security vulnerability exists in Yamaha Headphones Controller version v1.6.7 that stems from incorrect access control during firmware updates and...

CVE-2024-48542

Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file...

CVE-2024-48542

CVE-2024-48542 affects Yamaha Headphones Controller, version 1.6.7. According to the connected sources, the root cause is incorrect access control in the firmware update and download processes, which enables attackers to access sensitive information by inspecting the APK’s code and data. Impact i...

PT-2024-33141 · Yamaha · Yamaha Headphones Controller

Name of the Vulnerable Software and Affected Versions: Yamaha Headphones Controller version 1.6.7 Description: The issue concerns incorrect access control in the firmware update and download processes, allowing attackers to access sensitive information by analyzing the code and data within the AP...

Sony: 明確な認証不備および潜在的な中間者攻撃の可能性（Clear Authentication Deficiencies & Potential for Man-in-the-Middle Attacks）

The WH-1000XM5 headphones were found to have an authentication vulnerability that allowed an attacker to connect to the device without going through the proper pairing process. This vulnerability could be combined with existing Bluetooth attacks to enable man-in-the-middle attacks...

CVE-2024-27867

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...

About the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8

About the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 This document describes the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. About Apple security updates For our...

Apple AirPods和Beats 安全漏洞

Apple AirPods and Apple Beats are both headphones from the American company Apple Apple. A security vulnerability exists in Apple AirPods and Beats. An attacker exploiting the vulnerability could gain access to the headphones...

Tracking People by their MAC Addresses

Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones. The good news is that product vendors are fixing this: Several of the headphones which could be tracked over time are for sale in electronics stores, but...

CVE-2020-5589

SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as...

Code injection

SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as...

CVE-2020-5589

Affected products: Sony wireless headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N. Vulnerability: within Bluetooth range, an attacker can perform Bluetooth pairing and control functions (e.g., change volume) due to ...