Main Vulnerability Database SB2026061716

SB2026061716 - Information disclosure in Apple Beats firmware

Published: June 17, 2026

Security Bulletin ID SB2026061716

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper access control (CVE-ID: CVE-2025-20701)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to listen through the microphone of a device.

The vulnerability exists due to improper access control in the Bluetooth component when handling pair requests from an unpaired device that is actively seeking pair requests. An attacker with physical proximity to the system can operate within Bluetooth range to listen through the microphone of a device.

The issue affects devices that are not yet paired and are actively seeking pair requests.

Remediation

Install update from vendor's website.

References

https://support.apple.com/en-us/127557