Apple has patched a high-severity flaw in its Beats Studio Buds that could let nearby attackers spy on users via the earbuds' microphone. The vulnerability, identified as CVE-2025-20701, carries a CVSS score of 8.8 and stems from incorrect authorization in the Airoha Bluetooth audio SDK, which allows a Bluetooth device to pair without user consent. An attacker in close proximity to the earbuds could exploit this to eavesdrop on the user. The patch aims to mitigate this risk by ensuring that device pairing requires explicit user approval. Apple's update addresses the vulnerability, which was under active discussion, and its exploitation status determines the urgency of the patch. For practitioners, this development highlights the importance of timely patches for mitigating potential eavesdropping risks in wireless audio devices.