Apple has patched a high-severity eavesdropping vulnerability in Beats Studio Buds, tracked as CVE-2025-20701, which could allow attackers to listen in on audio. The flaw was discovered by security firm Sentinel One and is part of broader Bluetooth vulnerabilities.
<p>Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users.</p>
<p>The vulnerability, <a href="https://www.cve.org/CVERecord?id=CVE-2025-20701">CVE-2025-20701</a>, allowed improper authentication in the firmware running on the Bluetooth-related chips, enabling people within signal range to impersonate devices that had previously been paired with the earbuds. The researchers demonstrated this in a series of end-to-end attacks that allowed them to eavesdrop on conversations or sounds within earshot of the phone microphone.</p>
<h2>Apple joins the patch party</h2>
<p>“Impact: An attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests,” Apple said in a Tuesday security <a href="https://support.apple.com/en-us/127557">advisory</a>. The fix is contained in Beats Firmware Update 1B211, which is delivered automatically while headphones are paired with and within Bluetooth range of a user’s iPhone, iPad, or Mac. Users can check their firmware version by going to Settings on their device, navigating to Bluetooth, and tapping the info button next to the headphones.</p><p><a href="https://arstechnica.com/apple/2026/06/apple-patches-high-severity-eavesdropping-vulnerability-in-beats-studio-buds/">Read full article</a></p>
<p><a href="https://arstechnica.com/apple/2026/06/apple-patches-high-severity-eavesdropping-vulnerability-in-beats-studio-buds/#comments">Comments</a></p>
# Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds
Source: [https://arstechnica.com/apple/2026/06/apple-patches-high-severity-eavesdropping-vulnerability-in-beats-studio-buds/](https://arstechnica.com/apple/2026/06/apple-patches-high-severity-eavesdropping-vulnerability-in-beats-studio-buds/)
Security firm Sentinel One has a deeper dive into CVE\-2025\-20701[here](https://www.sentinelone.com/vulnerability-database/cve-2025-20701/)\.
Heinze and Steinmetz said last year that the full chain of attacks gave attackers the ability to do other malicious things, including retrieving call history and contacts, and even calling arbitrary numbers\. Many of those capabilities are dependent on the specific devices being paired, since the functionality built into them differs from platform to platform\.
Devices affected by the Airoha vulnerabilities are by no means alone\. In January, researchers disclosed[WhisperPair](https://arstechnica.com/gadgets/2026/01/researchers-reveal-whisperpair-attack-to-eavesdrop-on-google-fast-pair-headphones/), a series of vulnerabilities that allows an attacker to hijack Bluetooth devices connected through[Google Fast Pair](https://arstechnica.com/apple/2026/06/apple-patches-high-severity-eavesdropping-vulnerability-in-beats-studio-buds/%E2%80%8B%E2%80%8Bhttps://developers.google.com/nearby/fast-pair), a proprietary protocol belonging to the company\. Besides eavesdropping, attackers can exploit the WhisperPair flaws to geolocate devices\. The vulnerabilities affect more than a dozen devices from 10 manufacturers, including Sony, Nothing, JBL, OnePlus, and Google itself\.
There are few, if any, reports of Bluetooth vulnerabilities like these being actively exploited in the wild\. The complexity of such attacks is often high, and an attacker has to continually stay within Bluetooth range of a target while utilizing the exploit\. People who think they may be targeted by such attacks should turn off Bluetooth in devices whenever they’re not needed, and remain aware of the risks when Bluetooth is enabled\.
Apple released security updates for macOS Tahoe 26.5 addressing multiple vulnerabilities including kernel bugs, denial-of-service, and sandbox escapes. The update includes fixes for CVEs discovered by various researchers, one of which (CVE-2026-28952) was reportedly found by Claude AI.
Apple patched an iOS bug that let law enforcement extract deleted Signal messages via cached notifications retained up to a month, after 404 Media revealed the FBI had exploited it.
Microsoft patched 137 vulnerabilities, with a notable high-severity privilege escalation fix in Azure AI Foundry highlighting security risks in the infrastructure layer of AI applications.
New research shows that imperceptible audio signals can hijack large audio-language models (LALMs) with 79-96% success, forcing them to execute unauthorized commands like web searches or sending emails. The technique, dubbed AudioHijack, targets generative models and works regardless of user input, posing a serious security risk to voice AI systems.
Researchers have discovered that inaudible sounds can be embedded in YouTube videos, podcasts, or music to surreptitiously command AI voice assistants, enabling a new class of auditory prompt injection attacks.