Apple has fixed a serious vulnerability in the Beats Studio Buds wireless earbuds that could let attackers eavesdrop on conversations while staying within Bluetooth range. The issue is tracked as CVE-2025-20701 and carries a severity score of 8.8 out of 10. It was discovered by researchers Dennis Heinze and Frieder Steinmetz from ERNW.
The bug was tied to missing authentication in Bluetooth BR/EDR. The researchers demonstrated an exploit that allowed an attacker to initiate a call and listen to audio from the earbuds' microphone without prior pairing. According to them, in most cases it was enough for the attacker to be nearby, inside Bluetooth range, and the issue may have affected both Bluetooth BR/EDR and BLE.
The specialists also found that vulnerable Beats Studio Buds could effectively be taken over via Bluetooth: an attacker could read and write data in RAM and flash memory, extract Bluetooth keys, access call history and saved contacts, and initiate calls. CVE-2025-20701 could also be chained with two other vulnerabilities, CVE-2025-20700 and CVE-2025-20702, to send commands to a phone through the Bluetooth Hands-Free Profile.
At the same time, the researchers stress that real-world attacks are difficult to pull off and require technical skill, physical proximity to the victim and suitable conditions. That makes such scenarios more relevant for attacks on high-value targets than for mass exploitation of ordinary users. Still, the mere possibility of listening through a device that has not even been paired makes the flaw especially unpleasant.
Apple has already released a fix in Beats Firmware Update 1B211. The update is installed automatically the next time Beats Studio Buds are connected to an iPhone, iPad or Mac.