Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users.
The vulnerability, CVE-2025-20701, stemmed from improper authentication in the firmware running on the Bluetooth-related chips, enabling people within signal range to impersonate devices that had previously been paired with the earbuds. The researchers demonstrated this in a series of end-to-end attacks that allowed them to eavesdrop on conversations or sounds within earshot of the phone microphone.
“Impact: An attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests,” Apple said in a Tuesday security advisory.
The fix is contained in Beats Firmware Update 1B211, which is delivered automatically while the headphones are paired with, and within Bluetooth range of, a user’s iPhone, iPad, or Mac. Users can check their firmware version by going to Settings on their device, navigating to Bluetooth, and tapping the info button next to the headphones.
Carrying a severity rating of 8.8 out of 10, CVE-2025-20701 was one of three vulnerabilities resulting from last year’s disclosure by researchers Dennis Heinze and Frieder Steinmetz of security firm Insinuator about chips made by Airoha Systems. In response, Airoha released an updated software development kit to affected hardware sellers.
Apple’s incorporation of the patch into the Beats Studio Buds came the same week that Jabra, another affected headphone manufacturer, also announced patched versions. According to this article from Ecoustics, manufacturers Bose and JBL have released statements saying their devices have also been updated to incorporate the fixes. Security firm Sentinel One has a deeper dive into CVE-2025-20701 here.
Heinze and Steinmetz said last year that the full chain of attacks gave attackers the ability to do other malicious things, including retrieving call history and contacts, and even calling arbitrary numbers. Many of those capabilities depend on the specific devices being paired, since the functionality built into them differs from platform to platform.
Devices affected by the Airoha vulnerabilities are by no means alone. In January, researchers disclosed WhisperPair, a series of vulnerabilities that allow an attacker to hijack Bluetooth devices connected through Google Fast Pair, a proprietary protocol belonging to the company. Besides eavesdropping, attackers can exploit the WhisperPair flaws to geolocate devices. The vulnerabilities affect more than a dozen devices from 10 manufacturers, including Sony, Nothing, JBL, OnePlus, and Google itself.
There are few, if any, reports of Bluetooth vulnerabilities like these being actively exploited in the wild. The complexity of such attacks is often high, and an attacker has to continually stay within Bluetooth range of a target while utilizing the exploit. People who think they may be targeted by such attacks should turn off Bluetooth on their devices whenever it is not needed, and remain aware of the risks when Bluetooth is enabled.