
2025/06/24 18:50:34 technology
A now-patched security vulnerability in Apple's iOS and macOS operating systems could have enabled applications with Bluetooth access to eavesdrop on your conversations with Siri.

Apple says, "The application may be able to record audio using a pair of connected AirPods," adding that it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. App developer Guilherme Rambo is credited with discovering and reporting the bug in August 2022. The vulnerability, known as SiriSpy, has been assigned the identifier CVE-2022-32946.

"Any app that has access to Bluetooth can record your conversation with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets," Rambo said in an article.

According to Rambo, the vulnerability relates to a service called DoAP, which AirPods include for Siri and dictation support. It allows a malicious actor to build an application that connects to the AirPods via Bluetooth and records audio in the background.

Compounding the problem, there is "no request to access the microphone, and the indication in Control Center only lists 'Siri and Dictation', not the application that bypasses the microphone permission by talking directly with the AirPods via Bluetooth LE."


While the attack requires the application to have access to Bluetooth, this restriction can be easily bypassed because users who grant an application Bluetooth access are unlikely to expect that doing so also opens the door to their Siri conversations and dictation audio.

On macOS, however, the vulnerability can be abused to achieve a complete bypass of the Transparency, Consent, and Control (TCC) security framework, which means that any application can record conversations with Siri without asking for any permissions first.

Rambo said this behavior is due to a lack of entitlement checks in BTLEServerAgent, the daemon service responsible for handling DoAP audio.

Software patches that fix this vulnerability are available for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later. The issue has also been resolved in all supported macOS versions.

The iOS 16.1 update was released on October 24, 2022, fixing a total of 20 vulnerabilities, including a kernel vulnerability (CVE-2022-42827) disclosed as being actively exploited in the wild.

Comrades, install the update quickly!
