As per Apple’s reports, Guilherme Rambo, an app developer discovered an error now known as CVE-2022-32946 that left macOS and iOS devices spied on when talking to Siri and recorded messages while using Beats headset and AirPods through WiFi.
iPad, Mac, and iPhone were identified with this flaw which could be hacked while using audio attachments due to the “app needing microphone access or showing that it was using the microphone.”
The app developer experienced dips in audio quality using Siri with Airpods but with a microphone in macOS, it was normal and the dips returned while he was in a video conference. He wrote a command called bleutil to test and found that the tool obstructed audio for Bluetooth devices that were connected to macOS. Also, it did not ask for permission to access the system.
Rambo created an app to record users using Siri without permission, it would not register on the control center and the only thing that came was Siri And Dictation. It was compatible with iPhone, iPad, Apple Watch, and TV iOS 15, and iOS 16 betas.
On August 26th, he reported this vulnerability to Apple and they investigated to find a solution that is implemented in iOS 16.1 in iPhones and macOS Ventura. It is unclear if anybody hacked into these devices while the flaw existed.
Apple rewarded Rambo with $70,000 for his endeavors. Apple encountered problems with Bluetooth earlier too, it released an update for macOS Monterey 12.3.1 to fix issues with Bluetooth and display which troubled the users for a few weeks. It was sent to fix an error with power management while using Bluetooth headphones.