{“lastseen”:”2026-06-19T13:36:51″,”description”:”Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap.\\n\\nWhen you buy a pair of Bluetooth earbuds, you expect them to play your music and your calls\u2014not someone else\u2019s. But a vulnerability in Apple\u2019s Beats Studio Buds shows how that trust can be abused, turning everyday audio gear into a potential eavesdropping tool for anyone close enough and skilled enough to exploit it.\\n\\nThe vulnerability is tracked as CVE-2025-20701. Researchers disclosed flaws in Airoha system-on-a-chip (SoCs) devices at a security conference in Germany in 2025. Because Airoha chips are used in a wide range of audio products, the issue affected multiple devices, including Beats Studio Buds.\\n\\nThe researchers also showed how the vulnerability could be combined with flaws they found in the same Airoha component. By chaining these flaws, attackers could:\\n\\n * Eavesdrop via headphone microphones.\\n * Extract pairing keys.\\n * Impersonate trusted headphones.\\n * Compromise the user\u2019s phone, enabling call hijacking, contact extraction, triggering voice assistants, and more.\\n\\n\\n\\nThe good news is that these attacks are not easy to pull off. Exploitation is complex, and the attacker must be within Bluetooth range of the target device. \\n\\nBasically, CVE-2025-20701 is a flaw in the authentication process and affects devices that are not yet paired and are actively looking for something to connect to. In a normal scenario, your headphones and your phone go through a pairing process that establishes keys and trust before any sensitive operations\u2014like using the microphone\u2014are allowed.\\n\\nIn this case, devices in pairing mode did not properly verify who they were talking to. That opened a window where any nearby attacker could pose as a legitimate partner and connect to the earbuds before the user completes the pairing process.\\n\\nAs Apple describes it:\\n\\n\\u003e \u201cAn attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests.\u201d\\n\\n## How to stay safe\\n\\nTo address this vulnerability, Apple shipped Beats Firmware Update 1B211, which rolls out automatically once the earbuds are near and connected to an iPhone, iPad, or Mac.\\n\\nFor the average user, the need for physical proximity, specialized hardware and software, and some patience means opportunistic criminals are more likely to stick with phishing and credential stuffing than stalking Bluetooth signals in public spaces.\\n\\nBut for a motivated attacker targeting a high-profile individual, this is exactly the kind of bug they’d use.\\n\\nThere is no \\”Update now\\” button, but if you own Beats Studio Buds and use them with an iPhone, iPad, or Mac, you should automatically receive the update when:\\n\\n * The earbuds are paired with your Apple device\\n * They are in their charging case, with the lid closed\\n * The case and buds have sufficient charge, and the Apple device is nearby with Bluetooth enabled\\n\\n\\n\\nTo check whether you\u2019re protected:\\n\\n * On iOS or iPadOS, go to **Settings** \\u003e **Bluetooth**\\n * Tap the **info** icon next to your Beats Studio Buds\\n * Look at the firmware or version number. It should read **1B211** if the security update has been applied. If it says anything else, your earbuds may not have received the update yet. If you see an older version, keep the earbuds in their case near your iPhone, iPad, or Mac for a while to give them time to update. This can take some time and may happen silently in the background, so checking again later is worth the effort.\\n\\n\\n\\n* * *\\n\\n**Scammers know more about you than you think.** \\n\\nMalwarebytes Mobile Security protects you from phishing, scam texts, malicious sites, and more. With real-time AI-powered Scam Guard built right in. \\n\\nDownload for iOS \u2192 Download for Android \u2192”,”published”:”2026-06-19T11:47:16″,”modified”:”2026-06-19T11:47:16″,”type”:”malwarebytes”,”title”:”Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap”,”source”:””,”references”:””,”id”:”MALWAREBYTES:430DE23FF1022B331371E640A7316DE9″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-20701″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/bugs\/2026\/06\/apple-patches-beats-studio-buds-flaw-that-could-turn-earbuds-into-a-wiretap”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-06-19T13:36:51″,”description”:”Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap.\\n\\nWhen you buy a pair of…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,41,12,15,115,13,7,11,5],"class_list":["post-64242","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n