Wireless headphones have become the go-to choice for so many people, and it’s easy to see why. They offer the freedom to move without tangled cables holding you back, and modern Bluetooth connections are more reliable than ever. On top of that, many wireless headphones deliver higher-quality sound than you’d expect, with impressive features like adaptive ANC (active noise cancelation) to block out distractions. Many wireless headphones now offer better battery life, too, giving you more uninterrupted playback whether you’re commuting, working out, or just kicking back with your favorite tunes.
Of course, some wireless headphones stand out from the rest, which is why Engadget has tested and reviewed the most popular options to help you find the perfect pair. Our picks are based on a mix of essential features like sound quality, ANC performance, comfort, and handy extras like companion apps for customization. Whether you’re after premium sound or a budget-friendly option, there’s a pair of wireless headphones for everyone.
How to choose the best wireless headphones for you
When it comes to shopping for a good pair of wireless headphones, the first thing you’ll need to decide on is wear style. Do you prefer on-ear or over-ear headphones? For the purposes of our buyer’s guide, we focus on the over-ear style as that’s what most noise-canceling headphones are nowadays. Sure, you can find on-ear models with ANC, but over-ear designs are much more effective at blocking sound. Speaking of noise cancellation, you’ll want to determine early on if you even want that. If you frequently crank up the beats in noisy environments, you’ll want to not only make sure it’s there, but also make sure it’s good, preferably with adaptive ANC. If you plan to use your new headphones in quieter spaces, skipping ANC can save you some money.
The next area to consider is features. We recommend trying to get the most bang for your buck, but as you’re shopping around you should determine which items are must-haves and what you can live without. And don’t take basic things like automatic pausing and Bluetooth multipoint connectivity for granted, as not all companies include them. We also suggest reading reviews to see how well a company’s more advanced features work. This will help you decide if those are something you’re willing to (likely) pay extra for. Keep an eye on better battery life estimates to avoid disappointment, as some manufacturers promise more hours than real-world testing delivers. And don’t be easily swayed by lofty promises about call quality without verifying them.
Sound can be subjective, so we recommend trying before you buy if at all possible. We understand this isn’t easy at a time when we’re doing most of our shopping online. But trying on a set of headphones and listening to them for a few minutes can save you from an expensive case of buyer’s remorse. We also recommend paying attention to things like Spatial Audio, Dolby Atmos, 360 Reality Audio and other immersive formats. Not all headphones support them, so you’ll want to make sure a prospective pair does if that sort of thing excites you. If you plan to use your headphones for other media besides music, checking for latency is also a must — some delay can impact playback for things like movies or games, even if most true wireless headphones now offer minimal lag.
How we test over-ear headphones
The primary way we test wireless headphones is to wear them as much as possible. We prefer to do this over a one- to two-week period, but sometimes embargoes don’t allow it. During this time, we listen to a mix of music and podcasts, while also using the earbuds to take both voice and video calls. Since battery life for headphones can be 30 hours or more, we drain the battery with looping music and the volume set at a comfortable level (usually around 75 percent). Due to the longer battery estimates, we’ll typically power the headphones off several times and leave them during a review. This simulates real-world use and keeps us from having to constantly monitor the process for over 24 straight hours.
To judge the best Bluetooth headphones, we focus on higher-quality audio by listening to a variety of genres and paying close attention to how each style sounds. We also test at both low and high volumes to check for consistency in the tuning. To assess the quality of phone calls, we’ll record audio samples with the headphones’ microphones as well as have third parties call us.
When it comes to features, we do a thorough review of companion apps, testing each feature as we work through the software. Any holdovers from previous models are double checked for improvements or regression. If the headphones we’re testing are an updated version of a previous model, we’ll spend time getting reacquainted with the older set. Ditto for the closest competition for each new set of headphones that we review.
Sony’s 1000X line has been our top pick for best wireless headphone for a long time now. Until another company can pack in as many high-quality features as Sony, and do so with a mix of excellent sound quality and effective ANC, the crown is safe. With the WH-1000XM5, Sony redesigned its flagship headphones, making them way more comfortable to wear for long periods of time. This is an important factor to consider when purchasing over-ear headphones. We also noticed in our tests that the company made noticeable improvements to the active noise cancellation, thanks to a separate V1 chip in addition to the QN1 that was inside the M4. There are now eight total ANC mics as well – the previous model only had four. This all combines to better block background noise and high frequencies, including human voices.
The 1000XM5 still has all of the features that typically make Sony’s top-of-the-line headphones showstoppers. That includes 30-hour battery life and crisp, clear sound with balanced tuning and punchy bass. A combo of touch controls and physical buttons give you on-board access to music, calls and noise modes without reaching for your phone. Speak-to-Chat automatically pauses audio when you begin talking, and like previous Sony headphones, the M5 can change noise modes based on your activity or location. Plus, this pair of headphones offers better call quality than most of the competition. The only real downside is that they’re $50 more than the WH-1000XM4 at full price ($400).
An upgraded version of the Px7 S2, the Px7 S2e’s changes are mostly in the sound department. Bowers & Wilkins updated the digital signal processing (DSP) engine for improved performance when streaming music. The changes it introduced include support for up to 24-bit high-resolution streaming from compatible services. The company says it also re-tuned the acoustics for “unmatched detail, dynamics and spaciousness,” which is the more noticeable tweak compared to the previous model. Those promises hold true, too: the Px7 S2e are at the top of our test unit pile in terms of overall sound quality, just like the Px7 S2 has been since their introduction.
Bowers & Wilkins kept the rest of what was so great about the Px7 S2 as well. Reliable physical controls don’t lead to any frustration when you use them and the ANC performance is good enough to block out a lot of distractions. Factor in the refined design and overall comfort, and you’ve got a great pair of headphones that rival the best. The Px7 S2e still doesn’t have a lot of the more advanced features that Sony offers, but they sound so good you might not even notice.
Noise cancellation: No | Multipoint: Yes | Battery life: 60 hours | Weight: 1.42 pounds | Water resistance: None
Audio-Technica has introduced affordable wireless headphones in the past, and while they didn’t offer active noise cancellation, they’re still worth considering. The company’s latest is the M20xBT, a Bluetooth version of A-T’s popular M20x wired cans. For just $79, you can expect a comfortable fit and up to 60 hours of battery life. Bluetooth multipoint connectivity allows you to connect to multiple devices at once and physical buttons provide reliable on-board control. The design isn’t as refined as the company’s pricier models like the M50xBT2, but you get the bulk of what makes Audio-Technica’s cheaper options so good.
Bose’s unique take on spatial audio may be the headline feature on its QuietComfort Ultra Headphones, but the company didn’t overlook ANC on this model (Make no mistake — Sony takes the crown here for best ANC, but this Bose model is a close second.) Described as “the quietest quiet” available on any of its headphones yet, the ANC here is noticeably better than the Bose 700 and iconic QuietComfort Headphones. This is due in part to microphone enhancements that also improve call quality. The changes are especially apparent when dealing with the hard-to-combat frequency range of people talking. The company also offers presets that mix ANC, transparency mode and its spatial Immersive Audio, allowing you to quickly switch the sound to match your surroundings. And if that wasn’t enough, the touch controls make these over-ear headphones a breeze to use — so you get good noise cancelation, good sound and extra convenience bundled in this package.
While the spatial sound feature is a bit of a mixed bag, the stock tuning on the QuietComfort Ultra Headphones is still good – even before you switch on Immersive Audio. Bose has generally lagged the competition in terms of sonic prowess, but these over-ear headphones show that gap is narrowing. There’s a dash more bass to enhance a default sound profile that’s warmer, clearer and more inviting than previous Bose models, resulting in good sound overall. When Immersive Audio hits, it’s amazing and the audio quality is truly remarkable. But, the company is relying on signal processing rather than specially crafted content so the results vary.
Back at CES 2022, Panasonic announced the EAH-A800: a new set of active noise canceling headphones under the iconic Technics brand. While most of the features are what you see on any number of wireless headphones, one figure stood out. The company says you can expect up to 50 hours of battery life on the A800, and that’s with active noise cancellation enabled. While we haven’t put them through the full review analysis, I have already tested them on a long flight. The ANC is impressive and they’re comfortable enough to avoid becoming a burden after several hours or many long listening sessions. Sound quality is also quite good (there’s LDAC support, too) and there are enough features here to justify the premium price tag.
While Master & Dynamic is known for its design prowess, the company’s over-ear headphones were due for a refresh. With the MW75 that debuted in June, the company opted for a look that takes cues from its MG20 gaming headphones and mixes them with a combo of aluminum, leather and tempered glass. The company’s trademark sound quality returns with multiple ANC modes and ambient sound options for a range of situations. At $599, the high-end looks don’t come cheap, but if you’re looking for something beyond the pure plastic fashion of most headphones, M&D has you covered.
Apple’s AirPods Max are premium, well-designed over-ear headphones that incorporate all of the best features you find on standard AirPods: solid noise cancelation, spatial audio and easy Siri access. However, their $550 starting price makes them almost prohibitively expensive, even for Apple users. There are better options available at lower prices, but if you can pick up the AirPods Max at a steep discount, they might be worthwhile for the biggest Apple fans among us.
Dyson On-Trac
The On-Trac headphones have an almost infinitely customizable design, and that’s what’s most unique about them. The sound profile offers some nice detail, but lacks dynamic range overall. ANC is average at best and there aren’t any advanced features that will make your life easier. Well, except for the hearing health monitor which is actually handy. All told, that’s not a lot in a set of $500 headphones.
Sonos Ace
The Sonos Ace is an excellent debut for the company’s first headphones. The combination of refined design, great sound quality and home theater tricks creates a unique formula. However, ANC performance is just okay and key functionality is still in the works for many users.
Sony ULT Wear
If most headphones don’t have the level of bass you desire, the ULT Wear is an option to consider. The low-end thump isn’t for everyone, but there are also plenty of handy features and a refined look to make the $200 set more compelling than many in this price range.
Sony WH-CH720N
While the WH-CH720N are a great affordable option, we prefer the Audio-Technica in the budget category. Sony’s cans are lightweight with good sound quality, but ANC struggles at times and they’re made with a lot of plastic.
Beats Studio Pro
The Studio Pro lacks basic features like automatic pausing, and multipoint connectivity is only available on Android. Moreover, they’re not very comfortable for people with larger heads. Overall sound quality is improved, though, and voice performance on calls is well above average.
Bose QuietComfort Ultra headphones
Bose’s latest flagship model has a lot to offer, but its trademark Immersive Audio feature can be inconsistent across different types of music. There’s still world-class ANC, excellent comfort and a clearer transparency mode, but for the price, the non-Ultra model is a better choice right now.
Master & Dynamic MH40 (2nd gen)
The MH40 are a great set of headphones if you favor crisp, clear and natural sound that isn’t overly tuned. This pair showcases the company’s affinity for leather and metal too, but limited customization and short battery life for non-ANC cans kept this set from making the cut.
Bowers & Wilkins Px8
The company’s trademark pristine sound is on display here, but the Px8 are more expensive and not nearly as comfortable as the Px7 S2.
Wireless headphones FAQs
How can you tell the quality of wireless headphones?
I typically look at three factors: design, sound quality and features. In terms of design, I’m usually looking to see if the build quality of the headphones feels cheap and plasticky. Plenty of companies use plastic, but they can do so in a way that doesn’t look or feel like budget models. For sound quality, I want to hear a nice, even tuning where highs, mids and lows are all well represented. No overly boomy bass or scooped out mids. I also want good clarity where you can pick up fine details and an open, immersive soundstage. Features is typically a distant third, but if a company doesn’t cover basic functionality (automatic pausing, transparency mode, multipoint Bluetooth, etc.) it can be an indication of overall quality.
How do I choose the best quality wireless headphones?
“Best” can be pretty subjective, but I always recommend going to a place where you can listen to the headphones you’re thinking about buying before you commit. Sometimes this isn’t possible, so you’ll want to check return policies. I also recommend doing some research to determine what your priorities are in a new set. Are you an audiophile who wants the best sound quality? Is powerful active noise cancellation (ANC) the most important? Would you rather have conveniences like automatic pausing?
Which brand has the best wireless headphones?
Sony consistently tops our list with its 1000X line. This is mostly due to the combination of sound quality, ANC performance and the truckload of features these headphones pack in. I’ll be the first to tell you that there are better sounding options and other companies, like Bose, offer more effective noise cancellation. But when you add everything up, no one comes close to the full slate of tools Sony puts in its premium headphone line.
Do expensive wireless headphones sound better?
Exorbitant price tags don’t mean better audio quality. Bowers & Wilkins’ headphones are on the high end for wireless noise-canceling models and they sound amazing. However, Audio-Technica’s M50xBT2 is much more affordable and doesn’t have ANC, but these headphones have a warm, natural sound profile that I find very inviting. At the end of the day, it will come down to personal preference, but you don’t need to spend a lot to find great headphones.
While many existing risks and controls can apply to generative AI, the groundbreaking technology has many nuances that require new tactics, as well.
Models are susceptible to hallucinations, or the production of inaccurate content. Other risks include the leaking of sensitive data via a model’s output, tainting of models that can allow for prompt manipulation and biases as a consequence of poor training data selection or insufficiently well-controlled fine-tuning and training.
Ultimately, conventional cyber detection and response needs to be expanded to monitor for AI abuses — and AI should conversely be used for defensive advantage, said Phil Venables, CISO of Google Cloud.
“The secure, safe and trusted use of AI encompasses a set of techniques that many teams have not historically brought together,” Venables noted in a virtual session at the recent Cloud Security Alliance Global AI Symposium.
Lessons learned at Google Cloud
Venables argued for the importance of delivering controls and common frameworks so that every AI instance or deployment does not start all over again from scratch.
“Remember that the problem is an end-to-end business process or mission objective, not just a technical problem in the environment,” he said.
Nearly everyone by now is familiar with many of the risks associated with the potential abuse of training data and fine-tuned data. “Mitigating the risks of data poisoning is vital, as is ensuring the appropriateness of the data for other risks,” said Venables.
Importantly, enterprises should ensure that data used for training and tuning is sanitized and protected and that the lineage or provenance of that data is maintained with “strong integrity.”
“Now, obviously, you can’t just wish this were true,” Venables acknowledged. “You have to actually do the work to curate and track the use of data.”
This requires implementing specific controls and tools with security built in that act together to deliver model training, fine-tuning and testing. This is particularly important to assure that models are not tampered with, either in the software, the weights or any of their other parameters, Venables noted.
“If we don’t take care of this, we expose ourselves to multiple different flavors of backdoor risks that can compromise the security and safety of the deployed business or mission process,” he said.
Filtering to fight against prompt injection
Another big issue is model abuse from outsiders. Models may be tainted through training data or other parameters that get them to behave against broader controls, said Venables. This could include adversarial tactics such as prompt manipulation and subversion.
Venables pointed out that there are plenty of examples of people manipulating prompts both directly and indirectly to cause unintended outcomes in the face of “naively defended, or flat-out unprotected models.”
This could be text embedded in images or other inputs in single or multimodal models, with problematic prompts “perturbing the output.”
“Much of the headline-grabbing attention is triggering on unsafe content generation, some of this can be quite amusing,” said Venables.
It’s important to ensure that inputs are filtered for a range of trust, safety and security goals, he said. This should include “pervasive logging” and observability, as well as strong access controls that are maintained on models, code, data and test data.
“The test data can influence model behavior in interesting and potentially risky ways,” said Venables.
Controlling the output, as well
Users getting models to misbehave is indicative of the need to manage not just the input, but the output, as well, Venables pointed out. Enterprises can create filters and outbound controls — or “circuit breakers” — around how a model can manipulate data, or actuate physical processes.
“It’s not just adversarial-driven behavior, but also accidental model behavior,” said Venables.
Organizations should monitor for and address software vulnerabilities in the supporting infrastructure itself, Venables advised. End-to-end platforms can control the data and the software lifecycle and help manage the operational risk of AI integration into business and mission-critical processes and applications.
“Ultimately here it’s about mitigating the operational risks of the actions of the model’s output, in essence, to control the agent behavior, to provide defensive depth of unintended actions,” said Venables.
He recommended sandboxing and enforcing the least privilege for all AI applications. Models should be governed and protected and tightly shielded through independent monitoring API filters or constructs to validate and regulate behavior. Applications should also be run in lockdown loads and enterprises need to focus on observability and logging actions.
In the end, “it’s all about sanitizing, protecting, governing your training, tuning and test data. It’s about enforcing strong access controls on the models, the data, the software and the deployed infrastructure. It’s about filtering inputs and outputs to and from those models, then finally making sure you’re sandboxing more use and applications in some risk and control framework that provides defense in depth.”
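The output-side controls Venables describes (an allowlist that enforces least privilege, a “circuit breaker” and pervasive logging) can be sketched as a gate that every model-proposed action must pass before it runs. This is an added example, not code from Google Cloud or from the talk; the tool names, validators and thresholds are assumptions chosen for illustration.

```python
import logging
import time
from dataclasses import dataclass, field
from typing import Callable

log = logging.getLogger("model_action_gate")


@dataclass
class ToolPolicy:
    """Least-privilege rule for one tool: the validator must accept the arguments."""
    validator: Callable[[dict], bool]


@dataclass
class ActionGate:
    policies: dict                      # tool name -> ToolPolicy; anything absent is denied
    max_denials: int = 3                # denials inside the window that trip the breaker
    window_seconds: float = 60.0
    clock: Callable[[], float] = time.monotonic
    denial_times: list = field(default_factory=list)
    tripped: bool = False

    def _deny(self, tool, args, reason):
        now = self.clock()
        # Keep only denials that are still inside the sliding window.
        self.denial_times = [t for t in self.denial_times
                             if now - t < self.window_seconds]
        self.denial_times.append(now)
        if len(self.denial_times) >= self.max_denials:
            self.tripped = True         # open the breaker: stop acting on model output
        log.warning("DENY tool=%s reason=%s args=%r tripped=%s",
                    tool, reason, args, self.tripped)
        return (False, reason)

    def authorize(self, tool, args):
        """Return (allowed, reason) for one action proposed by the model."""
        if self.tripped:
            log.error("BLOCK tool=%s reason=breaker_open args=%r", tool, args)
            return (False, "breaker_open")
        policy = self.policies.get(tool)
        if policy is None:
            return self._deny(tool, args, "tool_not_allowed")
        try:
            ok = policy.validator(args)
        except Exception:
            ok = False                  # a validator crash is treated as a rejection
        if not ok:
            return self._deny(tool, args, "arguments_rejected")
        log.info("ALLOW tool=%s args=%r", tool, args)
        return (True, "allowed")

    def reset(self):
        """Operator action after review; the model cannot call this."""
        self.denial_times.clear()
        self.tripped = False


def valid_read(args):
    # Hypothetical tool: read-only access to one directory, no traversal.
    path = args.get("path", "")
    return (isinstance(path, str) and path.startswith("/srv/reports/")
            and ".." not in path)


def valid_setpoint(args):
    # Hypothetical tool that actuates a physical process: clamp to a safe range.
    v = args.get("celsius")
    return isinstance(v, (int, float)) and not isinstance(v, bool) and 15 <= v <= 30


def demo():
    """Run a constructed sequence of model-proposed actions through the gate."""
    fake_now = [0.0]
    gate = ActionGate(
        policies={"read_report": ToolPolicy(valid_read),
                  "set_thermostat": ToolPolicy(valid_setpoint)},
        clock=lambda: fake_now[0],
    )
    proposed = [                                                     # constructed sample
        ("read_report", {"path": "/srv/reports/q3.txt"}),
        ("set_thermostat", {"celsius": 95}),                         # out of range
        ("delete_records", {"table": "users"}),                      # not on allowlist
        ("read_report", {"path": "/srv/reports/../../etc/passwd"}),  # traversal
        ("read_report", {"path": "/srv/reports/q3.txt"}),            # valid, breaker open
    ]
    reasons = []
    for tool, args in proposed:
        reasons.append(gate.authorize(tool, args)[1])
        fake_now[0] += 1.0
    return gate, reasons


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(demo()[1])
```

The last request is valid on its own but is still refused: once the breaker opens, the gate stops acting on model output until an operator resets it, which covers accidental model behavior as well as adversarial input.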
Buying a home has always been complicated. You have to figure out how much money to put down and how that down payment will affect a monthly mortgage bill. Then there are the closing costs and fees. Kevin Bennett launched Further to try to help make the financial process easier to navigate — especially for first-time buyers.
Further is a fintech platform that walks users through the financial side of home buying. The company’s first product, which goes live Friday, is a calculator that shows what people can afford and what their monthly mortgage payments and closing costs could look like, among other metrics based on real-time interest rates.
Unlike other mortgage calculators that you can find on Zillow and LendingTree, Further looks to give users more than the numbers. It tells users how easy it will be for them to find a loan based on their financial status, whether they should wait to buy, or if they should pursue specific types of loans based on their financial profile, among others.
The platform is currently free to use. The company plans to monetize once it releases more product developments but declined to share details.
“A generation ago, our parents bought a $200,000 home with a 20% mortgage, and it was very straightforward,” Bennett said. “There was one kind of mortgage, and that’s what you did and it’s just more complicated. There are lots of kinds of mortgages. There are lots of implications. Homes are much more expensive now, so there’s just a lot more complexity, and it’s a much bigger financial decision.”
Last year Bennett found himself looking for something new to work on after stepping back from Caribou, the auto loan refinancing startup he co-founded in 2016 and where he served as CEO. He knew he wanted to do something else mission-oriented but wasn’t sure where.
He started looking into real estate, a category he said he’s always been fascinated with. The fact that his whole family works in real estate helped, too. He started talking to folks who had purchased their home within the last two years and found a lot of common pain points: People didn’t understand the process and were relying on homemade spreadsheets to try to figure out what they could afford.
Bennett also had a personal experience: He bought and sold a townhouse in his 20s and was surprised to find out he endured a $30,000 loss, despite selling the home for the original purchase price. That’s because he missed out on certain home improvements that could’ve increased the house’s value.
“You can’t hit the undo button once you buy that house,” Bennett said. “It felt like there was a gap in the market. It felt like it was a lot more complicated than it was a generation ago.”
He reached out to his friend Chris Baker, a real estate expert, and former head of product at EasyKnock, about his idea last year. The pair got to work fast. Their first conversation was November 3, 2023. They decided to work together in January, launched the product in April, and raised an undisclosed pre-seed round in June. Now, they are coming out of stealth.
“Our goal is to take care of the complicated jargon and stuff and really help you understand as easily as possible what it is you need to know, with transparency, obviously, but also putting you in the driver’s seat and in control,” he said.
The company’s previously undisclosed pre-seed round raised $4.1 million from investors including Link Ventures, Vesta Ventures, and Fidi Ventures, among others. Bennett said that fundraising wasn’t too challenging, as half of the capital the company raised was from investors who backed him while he was at Caribou. Bennett thinks his track record as a founder made a big difference. The company built its cap table intentionally to include angel investors who have experience in the real estate market, he said.
This kind of financial information and guidance seems like something a Zillow or Redfin would be ripe to copy especially considering Zillow already offers a mortgage calculator and some advice of its own. But Bennett said he wasn’t super concerned about the competition. He said he thinks that many companies either fall on the proptech side or the fintech side and rarely in the middle, as Further does, which gives it more of a moat.
But Further is definitely not the only company that sits between proptech and fintech that is aimed at consumers. Online mortgage startup Better.com, which allows consumers to browse for mortgage options or refinance an existing one, is a good example.
It will likely depend on what Further unveils in its planned Q1 product release that will include more features and capabilities, but Bennett didn’t share too many details just yet. For now, users can use Further to get an idea of what they can afford and what they can expect to pay when buying a house.
“My hope is that we can enable people with the right insights and information to make good decisions and plan for this really big part of their life in a way that gives them confidence, puts them at ease and lets them focus on, you know, what they really want to focus on, which is kind of that dream of being a homeowner,” Bennett said.
A newly proposed cosmic speed limit may constrain how fast anything in the universe can grow. Its existence follows from Alan Turing’s pioneering work on theoretical computer science, which opens the intriguing possibility that the structure of the universe is fundamentally linked to the nature of computation.
Cosmic limits are not a new idea. While studying the relationship between space and time, Albert Einstein showed that nothing in the universe can exceed the speed of light, as part of his special theory of relativity. Now, Toby Ord at…
The addition of a 4.3-inch color TFT screen makes the new Wyze Scale Ultra one of the brand’s most expensive smart scales to date, but at $43.99, it’s still considerably cheaper than offerings from companies like Withings. It’s available from Wyze directly or from Amazon in white or black.
The Wyze Scale Ultra says it can track 13 different health metrics, including your heart rate, your metabolic age (a comparison of how your body burns calories at rest to others your age), and measurements of fat, muscle, and water.
Previous versions of Wyze’s smart scales featured simple segmented LED displays to display basic information like weight, BMI, and muscle mass, leaving more detailed breakdowns of your health metrics for an accompanying mobile app. The Wyze Scale Ultra can display more data, including how measurements like weight or body fat have fluctuated over time, and it’s customizable, so it only displays what you want it to.
The information displayed on the Wyze Scale Ultra’s full color screen can be customized by each user. Image: Wyze
Like the Wyze Scale X introduced in 2022, the Scale Ultra offers modes for easily weighing pets, babies, or luggage and a pregnancy mode that turns off the weak electrical current used for bioelectric impedance analysis (BIA) as an added safety precaution.
The Wyze Scale Ultra can also be used to weigh pets, children, and luggage. Image: Wyze
Connectivity includes both Bluetooth and Wi-Fi, and the Wyze Scale Ultra can automatically recognize and sync measured health metrics for up to eight different users — either to its mobile app or to the Apple Health, Google Fit, and Fitbit platforms. It’s not rechargeable, however. It runs on four AA batteries, which Wyze says will keep the scale powered for up to nine months.
The outcome of the U.S. presidential election on Nov. 5 won’t affect oil production levels in the short- to medium term, Exxon CEO Darren Woods told CNBC on Friday.
Former President Donald Trump has called for unconstrained oil and gas production to lower energy prices and fight inflation, boiling his energy policy down to three words on the campaign trail: “Drill, baby, drill.”
“I’m not sure how drill, baby, drill translates into policy,” Woods told CNBC’s “Squawk Box” Friday after the largest U.S. oil and gas company reported third-quarter results.
Woods said U.S. shale production does not face constraints from “external restrictions.” The U.S. has produced record amounts of oil and gas during the Biden administration.
Over the past six years, the U.S. has produced more crude oil than any other nation in history, including Saudi Arabia and Russia, according to the Energy Information Administration.
Output in the U.S. is driven by the oil and gas industry deploying technology and investment to generate shareholder returns based on the break-even cost of production, the CEO said.
“Certainly we wouldn’t see a change based on a political change but more on an economic environment,” Woods said. “I don’t think there’s anybody out there that’s developing a business strategy to respond to a political agenda,” he said.
While shale production has not faced constraints on developing new acreage, there are resources in areas like the Gulf of Mexico that have not opened up due to federal permitting, the CEO said.
“That could, for the longer term, open up potential sources of supply,” Woods said. In the short- to medium term, however, unconventional shale resources are available and it’s just a matter of developing them based on market dynamics, he said.
Exxon Mobil shares in 2024.
The vast majority of shale resources in the U.S. are on private land and regulated at the state level, according to an August note from Morgan Stanley. About 25% of oil and 10% of natural gas is produced on federal land and waters subject to permitting, according to Morgan Stanley.
Vice President Kamala Harris opposed fracking during her bid for the 2020 Democratic presidential nomination. She has since reversed that position in an effort to shore up support in the crucial swing state of Pennsylvania, where the natural gas industry is important for the state’s economy.
LiteSpeed Cache, an immensely popular WordPress plugin for site performance optimization, suffered from a vulnerability which allowed threat actors to gain admin status.
With such elevated privileges, they would be able to perform all sorts of malicious activities on the compromised websites.
According to researchers from Patchstack, the vulnerability was discovered in the is_role_simulation function, and it is relatively similar to a different vulnerability that was discovered last summer. The function apparently used a weak security hash check that could be broken with brute force, granting the attackers the ability to abuse the crawler feature and simulate a logged-in administrator.
Who is vulnerable?
There are a few factors that need to align before the vulnerability can be abused, though.
That includes having the crawler turned on, with run duration between 2500 and 4000, and the intervals between runs being set to 2500-4000. Furthermore, Server Load Limit should be set to 9, Role Simulation to 1 (ID of user with admin role), and Turn every row to OFF except Administrator should be activated.
The vulnerability is now tracked as CVE-2024-50550, and has a severity score of 8.1 (high severity). It was already patched, with the version 6.5.2 of the plugin being the earliest clean one. LiteSpeed Cache is one of the most popular plugins of its kind, with more than six million active installations.
There is no talk of any evidence of in-the-wild abuse, so chances are cybercrooks have not picked up on the vulnerability in the past.
However, now that the patch is public, it’s only a matter of time before they start scanning for vulnerable websites. Currently, almost three-quarters (72.1%) of all LiteSpeed Cache websites are running the latest version, 6.5, with 6.7% running 6.4, and a notable 21.2% running “other” versions. Therefore, at least 27.6% of sites could be targeted, which is more than 1.6 million.
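A triage check a site owner could run, combining the fixed version (6.5.2) with the preconditions listed above. This is an added example, not Patchstack's or the plugin's code; it assumes the standard WordPress plugin header `Version:` line, and the settings dictionary keys are hypothetical names, not the plugin's real option names.

```python
import re

FIXED_VERSION = (6, 5, 2)   # earliest clean release according to the article

# WordPress plugin headers carry a line such as " * Version:   6.5.1".
HEADER_VERSION = re.compile(
    r"^[ \t/*#@]*Version:[ \t]*([0-9]+(?:\.[0-9]+)*)[ \t]*$",
    re.MULTILINE | re.IGNORECASE,
)


def parse_plugin_version(php_source):
    """Return the header version as a tuple of ints, or None if absent."""
    match = HEADER_VERSION.search(php_source[:8192])   # headers sit at the top
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_patched(version):
    """Compare against 6.5.2, padding short versions such as 6.5 with zeros."""
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    return padded >= FIXED_VERSION


def preconditions_met(settings):
    """True when every crawler condition listed in the article holds.

    The keys are hypothetical names for an exported settings dictionary.
    """
    return (
        settings.get("crawler_enabled") is True
        and 2500 <= settings.get("run_duration", 0) <= 4000
        and 2500 <= settings.get("run_interval", 0) <= 4000
        and settings.get("server_load_limit") == 9
        and settings.get("role_simulation") == 1
        and settings.get("only_administrator_row_on") is True
    )


def triage(php_source, settings):
    """Classify one site for CVE-2024-50550 handling priority."""
    version = parse_plugin_version(php_source)
    if version is None:
        return "unknown-version"
    if is_patched(version):
        return "patched"
    if preconditions_met(settings):
        return "vulnerable-exposed"
    return "vulnerable-preconditions-not-met"


# Constructed sample inputs (not taken from a real site).
SAMPLE_HEADER_OLD = """<?php
/**
 * Plugin Name:       LiteSpeed Cache
 * Version:           6.5.1
 * Requires at least: 4.9
 */
"""
SAMPLE_HEADER_FIXED = SAMPLE_HEADER_OLD.replace("6.5.1", "6.5.2")
SAMPLE_EXPOSED = {
    "crawler_enabled": True,
    "run_duration": 3000,
    "run_interval": 2500,
    "server_load_limit": 9,
    "role_simulation": 1,
    "only_administrator_row_on": True,
}
SAMPLE_CRAWLER_OFF = dict(SAMPLE_EXPOSED, crawler_enabled=False)

if __name__ == "__main__":
    for header, cfg in [(SAMPLE_HEADER_OLD, SAMPLE_EXPOSED),
                        (SAMPLE_HEADER_OLD, SAMPLE_CRAWLER_OFF),
                        (SAMPLE_HEADER_FIXED, SAMPLE_EXPOSED)]:
        print(triage(header, cfg))
```

Both "vulnerable" results call for upgrading to 6.5.2 or later; the distinction only orders the work, since a settings change can make the preconditions true at any time.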