BigTech CompaniesCybersecurityNewswireTechnology

Apple fixes eavesdropping bug in Beats Studio Buds

▼ Summary

– Apple patched a high-severity vulnerability (CVE-2025-20701) in Beats Studio Buds that could let nearby hackers eavesdrop via the microphone.
– The flaw involved improper authentication in Bluetooth chip firmware, allowing attackers to impersonate previously paired devices.
– The fix is included in Beats Firmware Update 1B211, delivered automatically when the earbuds are paired with an Apple device.
– The vulnerability was disclosed by security firm Insinuator and affected Airoha Systems chips used by multiple manufacturers.
– Jabra, Bose, and JBL also released patched versions for their affected devices.

Apple has rolled out a critical security update for its Beats Studio Buds wireless earbuds to address a high-severity flaw that could allow nearby attackers to secretly listen in on users.

The vulnerability, tracked as CVE-2025-20701, stemmed from improper authentication within the firmware controlling the earbuds’ Bluetooth chips. This weakness enabled hackers within signal range to impersonate previously paired devices. Security researchers demonstrated the danger through end-to-end attacks, proving they could intercept conversations or ambient sounds captured by the phone’s microphone.

“Impact: An attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests,” Apple stated in a Tuesday security advisory. The fix is delivered automatically via Beats Firmware Update 1B211 when the headphones are connected to an iPhone, iPad, or Mac over Bluetooth. Users can confirm the update by navigating to Settings, selecting Bluetooth, and tapping the info icon next to their earbuds.

Rated 8.8 out of 10 in severity, this vulnerability was one of three disclosed last year by researchers Dennis Heinze and Frieder Steinmetz from security firm Insinuator. Their findings targeted chips manufactured by Airoha Systems. In response, Airoha released an updated software development kit for affected hardware vendors. Apple’s patch for the Beats Studio Buds arrived the same week that Jabra, another impacted headphone maker, announced patched versions. According to a report from Ecoustics, manufacturers Bose and JBL have also confirmed that their devices have been updated to incorporate the necessary fixes.

(Source: Ars Technica)

Topics

beats studio buds 95% bluetooth vulnerability 92% cve-2025-20701 90% security patch 88% eavesdropping attack 85% firmware update 83% bluetooth range 80% device pairing 78% apple security advisory 76% airoha systems 74%