Vulnerability Management

MacOS bug could’ve allowed apps to listen to Siri conversations

A security vulnerability in Apple's iOS and macOS operating systems, identified as CVE-2022-32946, might have allowed apps with Bluetooth access to listen in on Siri conversations, The Hacker News reports. According to Guilherme Rambo, the app developer credited with discovering CVE-2022-32946, the now-patched flaw relates to the DoAP service that's built into AirPods for Siri and Dictation support. It allowed a malicious actor to create an app that could connect to the AirPods over Bluetooth and capture audio in the background. Although the attack requires the app to have Bluetooth access, this restriction is easy to get around, because users who grant an app Bluetooth access are unlikely to anticipate that doing so may also give the app access to their Siri conversations and dictation audio. Apple's iOS 16.1 update included fixes for 20 flaws in total, including CVE-2022-42827, a kernel vulnerability that Apple stated is currently being exploited.
