Apple patches listening vulnerability in Beats Studio Buds



Security company Sentinel One delves into CVE-2025-20701 here.

Heinze and Steinmetz said last year that the entire chain of attacks gave attackers the ability to do other malicious things, including retrieving call and contact history, and even calling arbitrary numbers. Many of those capabilities depend on the specific devices being paired, as the functionality built into them differs from platform to platform.

Devices affected by Airoha vulnerabilities are not alone. In January, researchers revealed couple of whispersa series of vulnerabilities that allow an attacker to hijack connected Bluetooth devices via Google Quick Pairinga company proprietary protocol. In addition to eavesdropping, attackers can exploit WhisperPair flaws to geolocate devices. The vulnerabilities affect more than a dozen devices from 10 manufacturers, including Sony, Nothing, JBL, OnePlus and Google itself.

There are few, if any, reports of Bluetooth vulnerabilities like these being actively exploited in the wild. The complexity of these types of attacks is typically high and an attacker must continually remain within Bluetooth range of a target while using the exploit. People who believe they may be targets of these types of attacks should disable Bluetooth on devices when they are not needed and be aware of the risks when Bluetooth is activated.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *