
Apple fixes Beats Studio Buds flaw that let hackers spy on conversations

Bleeping Computer, Jun 18, 2026



By Sergiu Gatlan, June 18, 2026, 08:23 AM

Apple has released security updates to patch a high-severity flaw affecting the Beats Studio Buds wireless earbuds that could allow attackers in Bluetooth range to spy on users' conversations.

"An attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests," Apple explained in a Tuesday advisory. "This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party."

Apple patched the vulnerability in Beats Firmware Update 1B211, which will be delivered automatically to vulnerable headphones when they are paired and within Bluetooth range of the user's iPhone, iPad, or Mac. You can check whether the firmware has been applied from the Bluetooth settings on your device by tapping the info button next to the headphones.

The security flaw (CVE-2025-20701) was discovered by Dennis Heinze and Frieder Steinmetz of ERNW GmbH in Airoha systems-on-a-chip (SoCs). When they disclosed the vulnerability one year ago at the TROOPERS security conference in Germany, the ERNW security researchers said that it stems from a missing-authentication weakness in the Bluetooth BR/EDR radio. They also created a proof-of-concept exploit that allows attackers to initiate a call and eavesdrop on conversations within earshot of the targeted phone.

[Image: Reading currently playing media from a vulnerable device (ERNW)]

When chaining CVE-2025-20701 with two other vulnerabilities (tracked as CVE-2025-20700 and CVE-2025-20702) affecting the same vulnerable component, attackers can also use the Bluetooth Hands-Free Profile (HFP) to issue commands to the phone after hijacking the connection between the phone and a paired Bluetooth audio device.

"In most cases, these vulnerabilities allow attackers to fully take over the headphones via Bluetooth. No authentication or pairing is required," they warned. "The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition. It is possible to read and write the device's RAM and flash."

The researchers were also able to retrieve the call history and contacts, and even to call an arbitrary number, after extracting the Bluetooth link keys from a vulnerable device's memory.

"The range of available commands depends on the mobile operating system, but all major platforms support at least initiating and receiving calls," they said, but added that "real attacks are complex to perform" and would likely be used only against high-value targets, because they require technical sophistication and physical proximity.