Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users
Beats Studio Buds flaw allowed nearby attackers to eavesdrop via microphone.
Summary
A vulnerability in Apple's Beats Studio Buds, tracked as CVE-2025-20701, allowed nearby attackers to eavesdrop on conversations through the device's microphone. The flaw, identified by ERNW GmbH researchers, exploited the Airoha Bluetooth audio SDK when the earbuds were on but not connected to a device. Apple has released a firmware update (1B211) to patch this issue.
Full text
Security PrivacyBeats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users Apple has released a security update to patch a Beats Studio Buds flaw that let nearby hackers listen to conversations through the microphone. byDeeba AhmedJune 22, 20262 minute read Listen to this article 0:00 — ← 10s ▶ Play 10s → Speed 0.75× 1× 1.25× 1.5× 2× Voice Loading voices… Press play to start listening Apple has fixed a flaw in its Beats Studio Buds wireless headphones that allowed hackers to use the built-in microphone to listen to your private conversations without your knowledge. According to Apple’s official advisory, the issue is tracked as CVE-2025-20701, and was identified by researchers Dennis Heinze and Frieder Steinmetz from ERNW GmbH security firm. Heinze and Steinmetz discovered that the bug exists in the open-source code of a system called the Airoha Bluetooth audio SDK. For your information, this system helps run the earbuds, and the issue happens when the headphones are turned on but aren’t connected to a phone or computer. Vulnerability Explained What happens in this scenario is that the earbuds look for a new connection. That’s when any hacker in proximity can strike. All they have to do is link to the device, and this doesn’t even need the user’s permission. The software cannot check or verify who is connecting, so the hacker can easily eavesdrop on your conversations. However, this trick requires some prerequisites, such as the hacker must be within a standard Bluetooth range of about 10 metres. During the testing phase, researchers chained this bug with two other flaws. The first issue, CVE-2025-20700, allows an unauthenticated attacker to connect to the earbuds using Bluetooth Low Energy, whereas the second issue, CVE-2025-20702, helps them evade security and access internal management settings. Combining them allowed researchers to use the Bluetooth Hands-Free Profile feature and look at call histories or contact lists, and dial numbers. However, real attacks are very hard to carry out, research reveals, because they require expert skills and physical closeness to the person. How to Get the Update Apple fixed the bug on 16 June by releasing Beats Firmware Update 1B211. You don’t need to click anything to install this fix as the earbuds update by themselves when they are in their charging case, plugged into power, and placed near an iPhone, iPad, or Mac with Bluetooth turned on. Android users need to get the patch through the official Beats app. You can also confirm if your earbuds are updated. Just open the Bluetooth settings and check the version number. Consider the patch as active if the version is 1B211. However, it is still a good idea to turn off Bluetooth when not in use to keep your devices safe. Photo by Lalith Sai Thomala on Unsplash Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts AppleBeats Studio BudsCybersecurityPrivacysecuritySpyingVulnerability Leave a Reply Cancel reply View Comments (0) Related Posts Security Android Malware 85 Credential-Stealing Apps Found on Google Play Store A couple of days ago HackRead exclusively reported on a Fidget spinner app that has been sending other… byUzair Amir Cyber Attacks Phishing Scam Security CryptoChameleon Phishing Scam Targets Crypto Users and FCC Employees Lookout urges crypto users to be on the lookout of the new and tricky phishing campaign. byDeeba Ahmed Security Malware Microsoft Technology A Malware That can Bypass Windows Firewall Using Intel’s Management Tech A unique and perhaps a very practical way of injecting malware into an entire network has been discovered… byJahanzaib Hassan Security Android Malware HummingWhale Malware infected Android Apps Downloaded Millions of Times CheckPoint security firm has detected a presence of the notorious HummingWhale malware in 20 Android apps, which are quite… byWaqas
Indicators of Compromise
- cve — CVE-2025-20701
- cve — CVE-2025-20700
- cve — CVE-2025-20702