TL;DR
Apple has patched a high-severity security flaw in Beats Studio Buds that could enable attackers to eavesdrop on conversations and access call history. The update addresses a vulnerability linked to Bluetooth protocol weaknesses, with no reports of active exploitation so far.
Apple has released a security update that patches a high-severity vulnerability in Beats Studio Buds, which could have allowed malicious actors to eavesdrop on conversations and access call logs. The fix addresses a Bluetooth protocol flaw identified as CVE-2025-20701, confirmed by Apple and security researchers as a serious security concern.
The vulnerability, CVE-2025-20701, was discovered by security firm SentinelOne and involves a flaw in the Bluetooth implementation used by Beats Studio Buds. It could have enabled attackers within Bluetooth range to intercept audio streams, retrieve call history, contacts, or even initiate calls remotely. Apple’s security update, released in June 2026, closes this loophole, preventing potential eavesdropping or data theft.
Experts note that the vulnerability is related to broader Bluetooth weaknesses affecting multiple devices from various manufacturers, including Sony, Nothing, JBL, OnePlus, and Google. While no evidence indicates active exploitation, the flaw’s severity has prompted Apple to act swiftly. The company recommends users update their devices immediately to mitigate risks.
Why This Security Fix Matters for Users
This update is critical because the vulnerability could have compromised user privacy, allowing unauthorized listening and access to sensitive call information. Although no attacks have been publicly reported, the flaw’s potential impact makes it a significant security concern for Beats users and Bluetooth device owners overall. Apple’s prompt response underscores the importance of security in wireless audio devices, especially those with microphone and call capabilities.
Beats Studio Buds firmware update
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Bluetooth Vulnerabilities and Industry Response
The CVE-2025-20701 flaw is part of a series of Bluetooth security issues identified over recent months. Researchers have highlighted that many Bluetooth-connected devices, including those from major brands, share similar vulnerabilities that can be exploited for eavesdropping, device hijacking, or geolocation. The discovery follows the January disclosure of WhisperPair, a set of vulnerabilities affecting Google Fast Pair devices, which also allowed attackers to hijack Bluetooth connections and track device locations. Despite the technical complexity, these vulnerabilities highlight ongoing security challenges in wireless protocols, prompting industry-wide efforts to improve Bluetooth security standards.
“The flaw in the Bluetooth protocol used by Beats Studio Buds could have allowed attackers within range to listen in on calls and retrieve sensitive data.”
— an anonymous researcher
Bluetooth security protection for wireless earbuds
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Unresolved Questions About Exploitation and Impact
There are no reports of the vulnerability being actively exploited in the wild, and it remains unclear how widespread the potential attack vector was before the fix. Details on whether specific attacker groups targeted Beats Studio Buds are not yet available. Additionally, the full technical scope of the Bluetooth flaw and its impact on other Apple or third-party devices is still being evaluated by security researchers.
Bluetooth eavesdropping protection devices
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Next Steps for Users and Industry Security Standards
Apple recommends all users of Beats Studio Buds update their firmware immediately to prevent potential exploitation. Security researchers will continue to monitor for any signs of active attacks and assess the broader implications of Bluetooth vulnerabilities. Industry-wide, efforts are underway to strengthen Bluetooth security protocols and improve device resilience against similar flaws in future products.
wireless earbuds with security features
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
How do I update my Beats Studio Buds?
Users should check the latest firmware version via the Beats app or their device’s settings and follow instructions to install available updates.
Can I still be eavesdropped if I haven’t updated?
Yes, if your device is vulnerable and within Bluetooth range of an attacker, there is a risk of eavesdropping. Updating firmware reduces this risk.
Are other Apple devices affected by this vulnerability?
This specific flaw was identified in Beats Studio Buds, but similar Bluetooth vulnerabilities could potentially affect other Apple or third-party wireless devices. Apple’s update targets this specific issue.
Will Apple release further security updates?
Apple typically issues security patches as needed; users should stay updated and monitor official communications for future releases.
Is there a way to protect myself until I update?
Turning off Bluetooth when not in use and avoiding pairing with unknown devices can help reduce risk until the device is updated.
Source: Ars Technica
