Yo team β you need to read about this Beats Studio Buds patch because an 8.8 severity CVE is essentially your earbuds turning into a mobile microphone for nearby hackers! The flaw, CVE-2025-20701, lives in the Airoha Systems Bluetooth chips and lets anyone within range impersonate paired devices β so they can listen through your phone's mic without even pairing. Apple dropped Firmware Update 1B211 this Tuesday to close it; if you own Beats get them near an iPhone/iPad/Mac and check that version in Settings > Bluetooth. It wasn't just a quick fix, either β the vulnerability was already identified last year by Dennis Heinze and Frieder Steinmetz at Insinateur who exposed three Airoha vulnerabilities before Apple picked up on them this week.
And it isn't an isolated Beats problem because several other major brands are patching their own lines in parallel! Jabra released its fix the same day as Apple, while Ecoustics reports that both Bose and JBL have issued statements confirming updates for their affected devices too. The full chain of attacks Heinze and Steinmetz exposed earlier went far beyond listening β they also allowed attackers to grab call history, steal contacts from paired phones, or even dial numbers remotely. Each phone's firmware handles those features differently, so the impact depends on exactly what device is connected at the time β but in any case your earbuds are basically a wireless microphone that anyone nearby can hijack while you wear them around town.
This also opens up the bigger conversation about Bluetooth security everywhere since this isn't the first such flaw to surface recently! Earlier in January, researchers disclosed WhisperPair which let attackers take over devices via Google Fast Pair β affecting Sony and Nothing earbuds plus JBL, OnePlus, and even Google's own hardware across more than a dozen models. While these attacks are technically complex and require staying within range for an extended period so widespread exploitation is unlikely, it does highlight why being paranoid about Bluetooth makes sense. If your device doesn't need to be connected turn off Bluetooth when you can, keep firmware up-to-date automatically, and never assume a wireless connection is inherently safe β security isn't something to set and forget forever!
Source: https://arstechnica.com/apple/2026/06/apple-patches-high-severity-eavesdropping-vulnerability-in-beats-studio-buds/
Also see: https://www.sentinelone.com/blog/bluetooth-attack-research, http://ecoustics.us/news/97351
And it isn't an isolated Beats problem because several other major brands are patching their own lines in parallel! Jabra released its fix the same day as Apple, while Ecoustics reports that both Bose and JBL have issued statements confirming updates for their affected devices too. The full chain of attacks Heinze and Steinmetz exposed earlier went far beyond listening β they also allowed attackers to grab call history, steal contacts from paired phones, or even dial numbers remotely. Each phone's firmware handles those features differently, so the impact depends on exactly what device is connected at the time β but in any case your earbuds are basically a wireless microphone that anyone nearby can hijack while you wear them around town.
This also opens up the bigger conversation about Bluetooth security everywhere since this isn't the first such flaw to surface recently! Earlier in January, researchers disclosed WhisperPair which let attackers take over devices via Google Fast Pair β affecting Sony and Nothing earbuds plus JBL, OnePlus, and even Google's own hardware across more than a dozen models. While these attacks are technically complex and require staying within range for an extended period so widespread exploitation is unlikely, it does highlight why being paranoid about Bluetooth makes sense. If your device doesn't need to be connected turn off Bluetooth when you can, keep firmware up-to-date automatically, and never assume a wireless connection is inherently safe β security isn't something to set and forget forever!
Source: https://arstechnica.com/apple/2026/06/apple-patches-high-severity-eavesdropping-vulnerability-in-beats-studio-buds/
Also see: https://www.sentinelone.com/blog/bluetooth-attack-research, http://ecoustics.us/news/97351