Apple fixes high-severity Beats Studio Buds vulnerability
Apple has patched a high-severity eavesdropping vulnerability in its Beats Studio Buds, which could have allowed attackers to retrieve call history, contacts, and make arbitrary calls. The vulnerability, CVE-2025-20701, affects Bluetooth devices from multiple manufacturers. Despite the risk, there are no reported cases of active exploitation.
Key points
- Apple patched CVE-2025-20701, a high-severity eavesdropping vulnerability in Beats Studio Buds
- The vulnerability could have allowed attackers to retrieve call history, contacts, and make arbitrary calls
- The issue affects Bluetooth devices from multiple manufacturers, including Sony, Nothing, JBL, OnePlus, and Google
- There are no reported cases of active exploitation, but experts advise turning off Bluetooth when not needed
Apple has addressed a high-severity eavesdropping vulnerability in its Beats Studio Buds, which could have allowed attackers to retrieve sensitive information and make unauthorized calls. The vulnerability, identified as CVE-2025-20701, was discovered by researchers who found that it could be exploited to access call history, contacts, and even make arbitrary calls.
The issue affects Bluetooth devices from multiple manufacturers, including Sony, Nothing, JBL, OnePlus, and Google. However, it's worth noting that there are no reported cases of active exploitation, and the complexity of such attacks is often high.
Experts advise turning off Bluetooth in devices whenever they're not needed, and remaining aware of the risks when Bluetooth is enabled. While the patch has been released, users are still advised to take precautions to protect their devices from potential attacks.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.