Live Feeds
● LIVE Updated 1h ago · 28 sources tracked

Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds

Apple released firmware update 1B211 to fix a high-severity vulnerability in Beats Studio Buds. The flaw allowed nearby attackers to use the microphone for eavesdropping without user consent. The update is delivered automatically when paired with a Mac, iPad, or iPhone.

RSS Source map (28)

What changed

New details identify the specific vulnerability as CVE-2025-20701 and set the release date to June 16, 2026.

Live updates

  1. Apple Patches High-Severity Eavesdropping Flaw in Beats Studio Buds

    Apple released firmware update 1B211 to fix a high-severity vulnerability in Beats Studio Buds. The flaw allowed nearby attackers to use the microphone for eavesdropping without user consent. The update is delivered automatically when paired with a Mac, iPad, or iPhone.

    What's confirmed:

    • Apple released Beats Firmware Update 1B211 on June 16, 2026.
    • The update addresses a high-severity vulnerability that allowed nearby attackers to eavesdrop on users.
    • Attackers could listen through the device microphone while within Bluetooth range.
    • The flaw is identified as CVE-2025-20701.
    • The vulnerability occurs if earbuds are in pairing request discovery mode and not yet paired.

    Still unconfirmed:

    • The vulnerability is related to open-source software.
    • Similar flaws affected earbuds from Sony, Bose, and JBL.
    confidence 95%

  2. Apple Patches High-Severity Eavesdropping Flaw in Beats Studio Buds

    Apple released firmware update 1B211 to fix a high-severity vulnerability in Beats Studio Buds. The flaw allowed nearby attackers to use the device microphone for eavesdropping without user consent. The update is delivered automatically when paired with a Mac, iPad, or iPhone.

    What's confirmed:

    • Apple released Beats Firmware Update 1B211 to address a high-severity vulnerability in Beats Studio Buds.
    • The flaw allowed nearby attackers to eavesdrop through the device microphone before pairing was established.
    • The vulnerability stemmed from the Airoha Bluetooth audio SDK and affected multiple manufacturers.
    • The vulnerability is identified as CVE-2025-20701.
    • The flaw is rated 8.8 out of 10.
    • Researchers Dennis Heinze and Frieder Steinmetz of Insinuator first disclosed the vulnerability 12 months ago.
    • Other manufacturers including Bose, Jabra, and JBL issued updates for affected devices.
    confidence 100%

  3. Apple patches high-severity eavesdropping flaw in Beats Studio Buds

    Apple released firmware update 1B211 to fix a high-severity vulnerability in Beats Studio Buds. The flaw allowed nearby attackers to use the device microphone for eavesdropping without user consent. The issue stemmed from the Airoha Bluetooth audio SDK and affected multiple manufacturers.

    What's confirmed:

    • Beats Firmware Update 1B211 addresses the vulnerability.
    • The vulnerability is tracked as CVE-2025-20701 with a CVSS score of 8.8.
    • The flaw allowed nearby attackers to eavesdrop on users via the microphone without user consent or interaction.
    • The issue originated from the Airoha Bluetooth audio SDK.
    • The vulnerability was disclosed 12 months ago.
    • Apple also released new firmware for AirPods Pro 3.

    Still unconfirmed:

    • Apple updated millions of AirPods without warning.
    confidence 95%