THE HALFAX HEIMDALL AUGUR

2026-07-10 05:49:30 UTC
read story evidence & references

Apple patches high-severity Bluetooth vulnerability in Beats Studio Buds

arstechnicaarstechnica.combleepingcomputer.comblueskyqpulse.quasarcybertech.comradar.offseq.com · 3 blocs · 21d ago

Apple released a firmware update to address a high-severity Bluetooth vulnerability in Beats Studio Buds, identified as CVE-2025-20701. The flaw, disclosed at the TROOPERS security conference in Germany one year ago, stems from a missing authentication mechanism in the Airoha system-on-a-chip used in the earbuds. The update, version 1B211, is delivered automatically when the earbuds are paired and

Apple patched a high-severity vulnerability in Beats Studio Buds wireless earbuds, identified as CVE-2025-20701. The flaw, disclosed at the TROOPERS security conference in Germany one year ago, arises from a missing authentication mechanism in the Bluetooth BR/EDR radio of the Airoha system-on-a-chip used in the devices. Apple released firmware update 1B211 to address the issue, which is delivered automatically when the earbuds are paired and within Bluetooth range of an iPhone, iPad, or Mac. The vulnerability affects multiple manufacturers and can be chained with CVE-2025-20700 and CVE-2025-20702 to enable additional attacks, including hijacking Bluetooth connections, issuing commands via the Hands-Free Profile, accessing device memory, retrieving call history and contacts, and placing arbitrary calls. Apple stated that the vulnerability exists in open-source code used in Apple products, and the CVE was assigned by a third party. According to qpulse.quasarcybertech.com, the vulnerability was discovered by Dennis Heinze and Frieder Steinmetz of ERNW GmbH, and allows attackers within Bluetooth range to eavesdrop on conversations through the microphone of the Beats Studio Buds without pairing.

This account was written only from facts that survived Augur's corroboration pass — 9 corroborated across opposed news blocs, 0 contested (attributed to both sides), 2 single-source (attributed). Nothing was added; no significance was inferred. Model Qwen3-Next-80B-A3B-Instruct. See the evidence & the verbatim quotes →