Apple Fixes Critical Eavesdropping Flaw in Beats Studio Buds

Ars Technica

Apple has patched a high-severity vulnerability affecting Beats Studio Buds that could allow attackers to eavesdrop on users and access sensitive data. The flaw, tracked as CVE-2025-20701, enables malicious actors to retrieve call history, contacts, and place calls to arbitrary numbers without user consent.

Security researchers Heinze and Steinmetz found this vulnerability is part of a broader issue with Airoha chips used across multiple manufacturers. These devices inherit platform-specific functionality that varies between operating systems, making exploitation more complex but potentially more damaging. The research builds on January's Whisper Pair disclosures, which showed similar Bluetooth hijacking risks.

The vulnerable chip is used in over a dozen devices from 10 manufacturers, including Sony, Nothing, JBL, OnePlus, and Google. No active exploitation has been reported, and the attack requires the attacker to remain within Bluetooth range throughout the exploit process.

Users concerned about targeted attacks should disable Bluetooth when not actively using wireless devices. The patch demonstrates how supply chain security issues can impact multiple brands simultaneously, highlighting the need for coordinated vulnerability disclosure across manufacturers.