"Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri"

A now-patched security flaw in Apple's iOS and macOS operating systems could have allowed apps with Bluetooth access to listen in on Siri conversations. Apple stated that an app may be able to record audio using a pair of connected AirPods, and that the Core Bluetooth issue was addressed in iOS 16.1 with improved entitlements. Guilherme Rambo, an app developer, is credited with discovering and reporting the bug in August 2022. The bug called SiriSpy has been assigned the identifier CVE-2022-32946. Any app with Bluetooth access could record a user's conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headphones, according to Rambo. This would occur without the app requesting microphone access permission or leaving any indication that it was listening to the microphone. According to Rambo, the vulnerability is related to a service called DoAP, which is included in AirPods for Siri and dictation support, allowing a malicious actor to create an app that could connect to the AirPods via Bluetooth and record audio in the background. This is worsened by the fact that there is no request for microphone access, and the notification in the Control Center only lists 'Siri & Dictation,' not the app that was bypassing microphone permission by talking directly to the AirPods via Bluetooth LE. This article continues to discuss the Apple iOS and macOS flaw that could have let apps eavesdrop on conversations with Siri.

THN reports "Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri"