Apple Patches CVE-2025-20701 in Beats Studio Buds Enabling Audio Eavesdropping

The update closes an unauthenticated pairing bypass in the Bluetooth stack. Sentinel One analysis showed the flaw allowed full audio capture without user interaction once the attacker remained in range. Affected devices include multiple Beats and third-party models sharing the same Airoha silicon. No public evidence of in-the-wild exploitation exists, consistent with prior Bluetooth remote attacks that demand sustained proximity.

Data from the disclosure links the same chipset family to earlier Airoha issues reported by Heinze and Steinmetz. Those chains enabled call-log extraction and arbitrary dialing on paired platforms. Functional differences across iOS, Android, and Windows pairings limited full exploitation, yet audio interception remained the lowest-complexity primitive.

Parallel research on WhisperPair demonstrated comparable hijacking of Google Fast Pair devices from Sony, JBL, and Nothing. Both vulnerability classes exploit proprietary pairing extensions rather than core Bluetooth specifications. The pattern indicates that vendor-specific audio codecs and fast-pair protocols continue to introduce unauthenticated control surfaces.

Operationally, users should disable Bluetooth when idle and monitor firmware release notes for Airoha-based hardware. Enterprise device fleets require inventory checks against the affected model list before relying on wireless headsets for confidential calls.