In its most recent firmware update for Beats headphones, 1B211, Apple fixed a terrifying security flaw that allowed malicious actors to potentially eavesdrop on private conversations within Bluetooth range of the brand’s popular Studio Buds.
According to reporting by Sead Fadilpašić of TechRadar, it was actually the third-party security firm ERNW and its researchers, Dennis Heinze and Frieder Steinmetz, who first discovered the vulnerability, all the way back in 2025, when it was assigned an 8.8/10 severity score. In effect, it allowed hackers to impersonate a device that had previously been connected to the headphones, not only granting them access to the microphone and headphone audio but eventually even learning some devices’ call histories and contact lists.
If you own a pair of Studio Buds, is it likely you’ve been targeted? Thankfully, no. The same researchers who discovered the exploit told TechRadar that the degree of coordination, complexity, and planning required to execute this hack would have made it worthwhile only for very high-value targets, and, as of now, there are no reports of anyone being negatively impacted by the security vulnerability.
Mashable Light Speed
It’s also worth mentioning that Apple wasn’t the only company caught up in this exploit. In the original report released by ERNW that identified the flaw, the security firm listed dozens of compromised devices, including those from manufacturers like Sony, JBL, and Bose, and those were just the brands that publicly listed their system suppliers, leaving potentially hundreds more devices yet to be named. In the words of the security researchers in the report, the unknown scope of the problem “creates a huge blind spot in vulnerability management due to the nature of the supply chain.”
Thankfully, Apple isn’t the only company taking active measures to protect its customers. According to Ecoustics reporting back in January, both Bose and JBL have also taken steps to close off the vulnerability through firmware updates.
