Apple Fixes Critical Vulnerability in Beats Studio Buds

Apple has announced a new firmware update for Beats Studio Buds wireless earbuds. The update fixes a serious security flaw that allowed user conversations to be secretly overheard via Bluetooth. The vulnerability enabled cybercriminals within the user's personal space to intercept audio signals from the microphone, according to a report by Ixbt.com.

This flaw, identified as CVE-2025-20701, was rated 8.8 on a 10-point risk scale. The issue was related to the authentication process in the Bluetooth chips, allowing an attacker to masquerade as a previously connected trusted device. As a result, an unauthorized person could bypass security systems and connect to the earbuds.

Eavesdropping Risk and Researchers' Conclusion

According to ixbt.com, researchers Dennis Heinze and Frieder Steinmetz demonstrated this attack method in practice. If the earbuds were in pairing or discovery mode, a person nearby could hear sounds from the microphone, including phone conversations. This poses a serious threat to user privacy.

Apple confirmed the issue and released Beats Firmware Update 1B211. This update is installed automatically when the earbuds are connected to iPhone, iPad, or Mac devices. Users are advised to check their firmware version via the Bluetooth settings on their devices.

Widespread Industry Issues

It was revealed that this vulnerability is not limited to Apple products but also affects many other brands using Bluetooth chips manufactured by Airoha Systems. Specifically, popular brands such as Jabra, Bose, and JBL have also begun releasing security updates for their devices.

Experts note that these types of attacks are not limited to intercepting audio signals but could also create opportunities to steal data such as contact lists and call history. However, such complex scenarios depend on the technical specifications of each device.

Meanwhile, another class of attacks, called WhisperPair, has also been identified in the industry. These are related to the Google Fast Pair protocol and affected products from brands like Sony, Nothing, and OnePlus. Cybersecurity specialists advise users to turn off Bluetooth when not in use as a precaution.
