What Happened
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that nearby attackers could exploit to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), is an incorrect-authorization flaw in the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio device without user consent.
Why It Matters
The article reports that Apple patched a high-severity Bluetooth vulnerability (CVE-2025-20701, CVSS 8.8) in Beats Studio Buds that allowed nearby attackers to pair without user consent and eavesdrop via the microphone, by exploiting incorrect authorization in the Airoha Bluetooth audio SDK. This is a concrete example of a security flaw that originates in third-party or open-source code embedded in a widely deployed consumer device; Apple notes that the SDK is part of the affected software ecosystem.[1][2][4][6] From a CyberSE.AI perspective, comparable third-party SDKs or open-source dependencies inside AI agents, client apps, or edge devices (for example, headsets used for data collection or as voice interfaces) can create hidden attack paths for data interception, lateral movement, or compromise of AI inputs and outputs. Organizations should treat AI-related hardware, SDKs, and libraries as part of their AI supply chain, maintain SBOMs, and implement continuous dependency monitoring and patch management so that upstream component flaws do not lead to data leakage or unauthorized surveillance in AI workflows.
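As an added illustration of the SBOM and dependency-monitoring practice recommended above (example code written for this summary, not code from the article, Apple or Airoha): a Python check that walks a constructed CycloneDX-style SBOM, including components nested inside a firmware image, and flags any embedded Airoha SDK older than a placeholder fixed version. The CVE id and SDK name come from the article; all component names, versions and the fixed-in version are assumptions.

```python
import json

# Constructed advisory record: the CVE id and SDK name are from the article;
# the "fixed_in" version is a placeholder, not a real Airoha release number.
ADVISORIES = [{"id": "CVE-2025-20701",
               "component": "airoha-bluetooth-audio-sdk", "fixed_in": "2.0.0"}]

# Constructed CycloneDX-style SBOM (assumed names/versions): the earbud firmware
# bundles the SDK as a nested component, the way an embedded SDK usually appears.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "beats-studio-buds-firmware", "version": "1.4.2", "components": [
            {"name": "Airoha-Bluetooth-Audio-SDK", "version": "1.9.3"},
            {"name": "codec-lib", "version": "3.1.0"}]},
        {"name": "voice-agent-client", "version": "0.8.1", "components": [
            {"name": "airoha-bluetooth-audio-sdk", "version": "2.1.0"}]},
    ],
})

def parse_version(v):
    """'1.9.3' -> (1, 9, 3) for tuple comparison; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def walk(components, path=()):
    """Yield (path, component) for every component, descending into nested ones."""
    for c in components:
        here = path + (c["name"],)
        yield here, c
        yield from walk(c.get("components", []), here)

def find_affected(sbom_json, advisories=ADVISORIES):
    """Return a finding for each component whose name matches an advisory (case-
    insensitive) and whose version predates the fix; path shows where it is embedded."""
    findings = []
    for path, comp in walk(json.loads(sbom_json).get("components", [])):
        for adv in advisories:
            if (comp["name"].lower() == adv["component"]
                    and parse_version(comp["version"]) < parse_version(adv["fixed_in"])):
                findings.append({"cve": adv["id"], "path": "/".join(path),
                                 "version": comp["version"]})
    return findings

if __name__ == "__main__":
    for f in find_affected(SBOM_JSON):
        print(f"{f['cve']}: {f['path']} (version {f['version']})")
```

The reported path makes the point of the article concrete: the vulnerable code is not a top-level dependency but an SDK buried inside a device firmware image, which a flat package inventory would miss.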
CyberSE Analysis
This signal maps to the AI supply chain risk class. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/06/apple-patches-beats-studio-buds-flaw.html