A high-severity vulnerability (CVE-2025-20701) in the Airoha Bluetooth audio SDK allowed nearby attackers to pair with Beats Studio Buds without the owner’s knowledge or consent, potentially enabling real-time microphone eavesdropping. The flaw stems from incorrect authorisation logic in the Bluetooth pairing process. Apple has issued a firmware update to address the issue.

Security Architect’s Take: While this is a consumer device vulnerability rather than a cloud infrastructure issue, architects should consider updating their organisation’s mobile device and peripheral management policies to mandate firmware updates for Bluetooth audio devices used in sensitive environments — particularly where staff work remotely or in shared spaces where conversations about confidential matters may be overheard.

Original advisory: Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone