As reported by Bleeping Computer, Apple has issued a security update to address a vulnerability affecting Beats Studio Buds wireless earbuds. This flaw could potentially allow attackers within Bluetooth range to eavesdrop on user conversations.

The vulnerability, identified as CVE-2025-20701, was discovered by researchers Dennis Heinze and Frieder Steinmetz of ERNW GmbH. It stems from a missing authentication weakness in the Bluetooth BR/EDR radio of the Airoha systems-on-a-chip (SoCs) used in the earbuds. Attackers in close proximity could exploit this flaw to listen through the microphone of an unpaired device actively seeking pairing requests. Apple has patched this issue with Beats Firmware Update 1B211, which will be delivered automatically to vulnerable devices.

When chained with two other vulnerabilities (CVE-2025-20700 and CVE-2025-20702), attackers could also hijack the Bluetooth Hands-Free Profile to issue commands to a phone. While the researchers noted that real-world attacks are complex and require significant technical sophistication and physical proximity, they could allow attackers to take over the headphones, read device memory, retrieve call history, and even initiate calls.

Source: Bleeping Computer




