Apple Patches Eavesdropping Vulnerability in Beats Studio Buds
The update fixes CVE-2025-20701, which researchers said could let nearby attackers eavesdrop or place calls without pairing.
- Apple released firmware update 1B211 for Beats Studio Buds on June 16, patching CVE-2025-20701. Apple explained in a Tuesday advisory that the flaw allows attackers within Bluetooth range to listen through the microphone of unpaired devices.
- The vulnerability exists within the Airoha Bluetooth audio SDK used by the MT2821A chip. Researchers at ERNW GmbH discovered the issue one year ago; it allows attackers in Bluetooth range to establish two-way audio connections without authentication.
- More than a dozen devices from 10 manufacturers, including Sony and Bose, use the same vulnerable chip. Researchers noted that "real attacks are complex to perform" and would likely be aimed only at high-value targets because of the technical sophistication and physical proximity required.
- Beats Studio Buds automatically receive the update when paired with an Apple device and placed in the case with the lid closed. Depending on internet connection, the firmware update process can take up to 30 minutes to complete.
- There are few reports of such Bluetooth vulnerabilities being actively exploited in the wild. People who think they may be targeted should turn off Bluetooth on devices whenever not needed and remain aware of risks when Bluetooth is enabled.
10 Articles
Apple patches eavesdropping vulnerability in Beats Studio Buds
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, CVE-2025-20701, allowed improper authentication in the firmware running on the Bluetooth-related chips, enabling people within signal range to impersonate devices that had previously been paired with the earbuds. The researchers demonstrated this in a series of end-to-…
Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
Apple has released security updates to patch a high-severity flaw affecting the Beats Studio Buds wireless earbuds that could allow attackers in Bluetooth range to spy on users' conversations.
Apple has fixed a serious vulnerability that could allow conversations to be eavesdropped on via wireless earphones.
Apple sells its own wireless earphones, AirPods, as well as earphones and headphones under the Beats brand, which it acquired in 2014. A vulnerability was found in Beats Studio Buds, a pair of wireless earphones from the Beats brand, that allowed for eavesdropping on conversations, but this has finally been fixed with a software update. About the security content of Beats Firmware Update 1B211 - Apple Support https://support.apple.com/en-us/12…
In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum
Other noteworthy stories that might have slipped under the radar: Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP Config Connector flaw enables takeover. The post In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum appeared first on SecurityWeek.

Coverage Details
Bias Distribution
- 67% of the sources are Center






