Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone

Apple released a firmware update for its Beats Studio Buds wireless earbuds this week to address a critical security flaw. The vulnerability, identified as CVE-2025-20701 with a CVSS score of 8.8, allowed unauthorized Bluetooth pairing. This flaw stemmed from an issue within the Airoha Bluetooth audio SDK, enabling attackers in close proximity to potentially gain access to the earbuds' microphone. Once paired without user consent, an attacker could then eavesdrop on conversations or other ambient sounds. The update, pushed automatically to connected devices, resolves this specific authorization problem. Apple has not disclosed the number of users affected or if the vulnerability was actively exploited before the patch was deployed. This incident highlights ongoing security concerns with connected audio devices and the importance of timely software updates.