CVE-2022-32946
Description
An app may record audio via connected AirPods without user permission; fixed in iOS 16.1 and iPadOS 16.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An app may record audio via connected AirPods without user permission; fixed in iOS 16.1 and iPadOS 16.
Vulnerability
The vulnerability, present in iOS 16.0 and iPadOS 16.0, allowed an app to record audio using a pair of connected AirPods without proper entitlement checks. The issue was addressed with improved entitlements in iOS 16.1 and iPadOS 16 [1].
Exploitation
An attacker would need to convince a user to install a malicious app on their device, then connect AirPods to the device. The app could then record audio from the AirPods' microphones without any additional user interaction or permission prompts, as the entitlement validation was insufficient [1].
Impact
Successful exploitation could allow an app to surreptitiously record audio, leading to disclosure of sensitive information captured via the AirPods' microphones [1].
Mitigation
Apple released iOS 16.1 and iPadOS 16 on October 24, 2022, which patch this vulnerability. Users should update their devices to the latest available versions. No workarounds are available for unpatched devices [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <16
- Range: <16.1
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.