Apple Beats Studio Buds Flaw Exposes Users to Eavesdropping

David kimber
June 22, 2026

Key Takeaways

  • A high-severity flaw in Apple Beats Studio Buds allowed unauthorized eavesdropping via the device’s microphone.
  • The vulnerability (CVE-2025-20701) could be exploited by nearby attackers even when the earbuds were not actively paired.
  • The issue stems from a weakness in open-source code within Apple’s software ecosystem.
  • Apple has released Beats Firmware Update 1B211 to patch the vulnerability.

Beats Studio Buds Vulnerability Exposes Users to Eavesdropping

Apple has addressed a significant security vulnerability in its Beats Studio Buds that could let malicious actors in close proximity listen in on users. The flaw enabled eavesdropping through the device’s microphone, even when the earbuds were not actively connected to a host device.

The tech giant rolled out Beats Firmware Update 1B211 on June 16, 2026, to rectify the Bluetooth-related vulnerability. This update prevents exploitation by attackers located within wireless range.

Technical Details and Impact

Designated as CVE-2025-20701, the vulnerability was identified by security researchers Dennis Heinze and Frieder Steinmetz of ERNW GmbH. The flaw affects Beats Studio Buds and is rooted in an open-source code component integrated into Apple’s software framework.

Apple confirmed that devices susceptible to this vulnerability could inadvertently transmit microphone audio while actively searching for pairing connections. This means an attacker positioned within Bluetooth range could potentially establish an unauthorized connection to the earbuds and gain access to live audio input. Crucially, the exploit does not necessitate prior pairing, escalating the risk, especially in public venues such as offices, airports, or coffee shops.

Apple has not disclosed specific technical details of the exploit, in line with its practice of withholding information until patches are widely distributed. The nature of the vulnerability suggests issues with authentication or validation during the Bluetooth pairing process. The primary risk associated with CVE-2025-20701 is unauthorized audio surveillance, allowing attackers to capture sensitive conversations without the user’s awareness.

The attack’s range is limited by Bluetooth proximity, typically around 10 meters. Despite this constraint, the vulnerability is classified as high severity due to the sensitive nature of the exposed data and the absence of required user interaction for exploitation.

Patch and Mitigation

There is currently no evidence to suggest active exploitation of this vulnerability. However, security experts strongly advise immediate updates. Apple has patched the Bluetooth vulnerability in Beats Firmware Update 1B211. This update is automatically delivered to Beats Studio Buds when they are connected to an iPhone, iPad, or Mac and are within Bluetooth range.

Users can verify their device’s firmware version through their device settings:

  • On iPhone or iPad: Navigate to Settings > Bluetooth, then tap the information icon next to the earbuds.
  • On Mac: Go to System Settings > Bluetooth and select the connected device.

This incident underscores the persistent risks associated with wireless communication protocols, particularly Bluetooth. As an increasing number of devices rely on seamless pairing and continuous connectivity, the potential attack surface continues to expand. Apple acknowledged the contributions of the third-party researchers and noted the vulnerability’s origin in open-source components, highlighting the collective responsibility across the software supply chain.

What You Should Do

  • Ensure your Beats Studio Buds are updated to firmware version 1B211 or later.
  • Connect your Beats Studio Buds to an iPhone, iPad, or Mac to facilitate automatic firmware updates.
  • Regularly check your device settings to confirm your earbuds are running the latest firmware.
  • Disable Bluetooth on your host device when not actively using your Beats Studio Buds.
  • Exercise caution and avoid pairing devices in untrusted or public environments where potential attackers might be present.
  • Monitor Apple’s official security updates page for further advisories and ensure all connected devices are kept up to date.
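
For teams tracking more than one pair of earbuds, the "1B211 or later" check can be run over an inventory of firmware strings read from the Bluetooth settings screens. The following is an added example, not code from Apple or from this article; it assumes firmware identifiers follow the `<major><letter><build>` shape of "1B211" and order by those fields, and the inventory entries are constructed.

```python
import re

# Assumption: Beats firmware identifiers follow Apple's build-string shape
# <major><letter><build>[suffix], e.g. "1B211", and order by those fields.
BUILD_RE = re.compile(r"^(\d+)([A-Z])(\d+)([a-z]?)$")
PATCHED = "1B211"  # fixed firmware named in the article


def parse_build(version):
    """Return a sortable tuple for a build string, or None if malformed."""
    m = BUILD_RE.match(version.strip())
    if not m:
        return None
    major, letter, build, suffix = m.groups()
    return (int(major), letter, int(build), suffix)


def classify(version, minimum=PATCHED):
    """'patched', 'vulnerable', or 'unknown' (unparseable: check by hand)."""
    parsed = parse_build(version)
    if parsed is None:
        return "unknown"
    return "patched" if parsed >= parse_build(minimum) else "vulnerable"


def audit(inventory):
    """Map each status to the list of asset tags in that state."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for tag, version in inventory:
        report[classify(version)].append(tag)
    return report


# Constructed sample inventory (asset tag, firmware string as read from
# the Bluetooth settings screen); none of these are real devices.
SAMPLE = [
    ("buds-001", "1B211"),
    ("buds-002", "1A175"),
    ("buds-003", "1B99"),   # 99 < 211 numerically; a plain string compare gets this wrong
    ("buds-004", "2A10"),
    ("buds-005", ""),       # never reported a version
]

if __name__ == "__main__":
    for status, tags in audit(SAMPLE).items():
        print(status, tags)
```

Entries reported as "unknown" should be checked manually rather than assumed patched.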
