Apple Patches Beats Studio Buds Flaw Rated 8.8, Blocking Bluetooth Eavesdropping

3 articles · Updated · Ars Technica · Jun 18

Firmware 1B211 fixes CVE-2025-20701 in Beats Studio Buds, a high-severity flaw that could let an attacker within Bluetooth range listen through a nearby device’s microphone.
The bug stemmed from improper authentication on Bluetooth-related chips, allowing hackers to impersonate devices previously paired with the earbuds; researchers showed end-to-end attacks that captured conversations and ambient sound.
Apple said the update installs automatically when the earbuds are paired with and near an iPhone, iPad or Mac, and users can verify the version in Bluetooth settings.
The 8.8-severity issue was one of three vulnerabilities disclosed last year by Insinuator researchers in Airoha-based audio chips, prompting Airoha to ship an updated SDK to manufacturers.
Jabra announced patched products this week, while Bose and JBL have also said their affected devices were updated, indicating a broader industry response.