Vulnerability Overview
Apple has issued a critical firmware update for Beats Studio Buds wireless earbuds to address a high-severity security flaw. The vulnerability, tracked as CVE-2025-20701, allows an attacker within Bluetooth range to listen to a user’s conversations through the earbud microphones. The issue affects devices that have not yet completed pairing and are actively seeking Bluetooth connections.
This weakness originates from a missing authentication step in the Bluetooth BR/EDR radio component, specifically within Airoha system-on-a-chip (SoC) technology. Security researchers Dennis Heinze and Frieder Steinmetz from ERNW GmbH first disclosed the flaw at the TROOPERS security conference approximately one year ago. They demonstrated a proof-of-concept exploit that enables attackers to initiate calls and eavesdrop on conversations near the target device.
Impact and Mitigation
When combined with two additional vulnerabilities (CVE-2025-20700 and CVE-2025-20702), attackers can exploit the Bluetooth Hands-Free Profile (HFP) to send commands to the paired phone after hijacking the Bluetooth connection. The researchers warned that, in many cases, these vulnerabilities allow full takeover of the headphones without requiring authentication or prior pairing. Accessible data includes call history, contacts, and Bluetooth link keys, potentially enabling attackers to place calls from the victim’s number.
Apple has released Beats Firmware Update 1B211 to patch this vulnerability. The update installs automatically when the earbuds are paired and within Bluetooth range of an iPhone, iPad, or Mac. Users can verify the firmware version by checking Bluetooth settings on their device. The researchers noted that executing these attacks requires technical sophistication and physical proximity, which makes them most likely to be used against high-value individuals, but all Beats Studio Buds users should ensure their firmware is current.
Source: BleepingComputer
