CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 22, 2026

Apple Beats Studio Buds Vulnerability Allows Hackers to Eavesdrop on Users

Cybersecurity News Archived Jun 22, 2026 ✓ Full text saved

Apple has addressed a high-severity vulnerability in the Beats Studio Buds that could allow nearby attackers to eavesdrop on users via the device’s microphone, even when the earbuds are not actively paired. Apple fixed the Bluetooth vulnerability in Beats Firmware Update 1B211, released on June 16, 2026, addressing a flaw that could be exploited by […] The post Apple Beats Studio Buds Vulnerability Allows Hackers to Eavesdrop on Users appeared first on Cyber Security News .

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeApple Apple Beats Studio Buds Vulnerability Allows Hackers to Eavesdrop on Users By Abinaya June 22, 2026 Apple has addressed a high-severity vulnerability in the Beats Studio Buds that could allow nearby attackers to eavesdrop on users via the device’s microphone, even when the earbuds are not actively paired. Apple fixed the Bluetooth vulnerability in Beats Firmware Update 1B211, released on June 16, 2026, addressing a flaw that could be exploited by attackers within wireless range. The vulnerability, tracked as CVE-2025-20701, was discovered by security researchers Dennis Heinze and Frieder Steinmetz from ERNW GmbH. Apple Beats Studio Buds Vulnerability The flaw impacts Beats Studio Buds and stems from a weakness in open-source code integrated into Apple’s software ecosystem. Apple confirmed that affected devices could unintentionally expose microphone audio when actively seeking pairing connections. In practical terms, this means an attacker positioned within Bluetooth range could potentially connect to the earbuds without authorization and access live audio input. The attack does not require prior pairing, making it particularly concerning in public environments such as offices, airports, or cafes. Apple has not disclosed detailed technical specifics of the exploit, in line with its standard policy of limiting information until patches are widely deployed. However, the nature of the vulnerability suggests improper authentication or validation during the Bluetooth pairing process. The primary risk associated with CVE-2025-20701 is unauthorized audio surveillance. Since the vulnerability allows access to the microphone, attackers could potentially capture sensitive conversations without the user’s knowledge. The attack is limited by proximity, as the threat actor must be within Bluetooth range, typically around 10 meters. Despite this limitation, the vulnerability is considered high severity due to the sensitivity of the data exposed and the lack of user interaction required. While there is no evidence of active exploitation, security experts recommend updating immediately, as Apple has patched the Bluetooth vulnerability in Beats Firmware Update 1B211. The update is automatically delivered to Beats Studio Buds when they are connected to an iPhone, iPad, or Mac and within Bluetooth range. Users can verify their firmware version through device settings: On iPhone or iPad: Go to Settings > Bluetooth, then tap the info icon next to the earbuds. On Mac: Go to System Settings > Bluetooth and select the connected device. Ensuring devices are updated is the primary mitigation step. Users are also advised to disable Bluetooth when not in use and avoid pairing devices in untrusted environments. This vulnerability highlights ongoing risks associated with wireless communication protocols, particularly Bluetooth. As more devices rely on seamless pairing and always-on connectivity, the attack surface continues to expand. Apple credited the third-party researchers and noted that the vulnerability originates from open-source components, emphasizing the shared responsibility across the software supply chain. Users are encouraged to monitor Apple’s official security updates page for further advisories and ensure all connected devices remain up to date. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Critical WordPress Plugin Vulnerability Exposes 1 Million Sites to File Deletion Attacks Critical Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code – Update Now! The Half-Life of Threat Intelligence: When Does an IOC Stop Being Useful?  Malicious JetBrains and VS Code Extensions Steal OpenAI, Anthropic, and DeepSeek API Keys Deno-Based RAT Uses Microsoft Teams Impersonation and Mailbombing to Target Employees Latest News Cyber Security News Hackers Use RemotePC RMM and PowerShell Stagers to Deploy Prinz Eugen Ransomware Cyber Security 29-Year-Old ‘Squidbleed’ Vulnerability Discovered With the Aid of Claude Mythos Preview Cyber Security News Microsoft’s New Option Allows Organizations to Block Copilot Access to Office Files Cyber Security News Microsoft has urged IT Admins to Prepare for Windows 11, Version 26H2 Update Cyber Security News New Malware Attack Via WhatsApp Attacking Windows System to Enable Remote Access For Attackers
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 22, 2026
    Archived
    Jun 22, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗