Apple has released a security update to address a high-severity vulnerability affecting Beats Studio Buds wireless earbuds that could allow nearby attackers to listen to users’ conversations without pairing with the device.
According to an advisory from Apple, an attacker within Bluetooth range could exploit the flaw to access the microphone of an unpaired device that is actively searching for pairing requests.
Tracked as CVE-2025-20701, the vulnerability affects the Bluetooth implementation used in Airoha system-on-chip (SoC) components. Apple said the issue originates from open-source code shared across multiple projects and that the CVE identifier was assigned by a third party.
The vulnerability was discovered by security researchers Dennis Heinze and Frieder Steinmetz of ERNW GmbH. The researchers disclosed the flaw at the TROOPERS security conference in Germany in 2025, explaining that it stems from a missing authentication mechanism in the Bluetooth BR/EDR radio protocol.
The researchers developed a proof-of-concept exploit demonstrating how attackers within Bluetooth range could initiate a call and eavesdrop on nearby conversations. They also found that combining CVE-2025-20701 with two additional vulnerabilities, CVE-2025-20700 and CVE-2025-20702, could enable attackers to hijack the Bluetooth connection and issue commands through the Hands-Free Profile (HFP).
According to ERNW, successful exploitation could allow attackers to retrieve call history, access contact information, place phone calls, and gain extensive control over vulnerable headphones without requiring authentication or prior pairing.
Apple has addressed the issue with Beats Firmware Update 1B211, which is automatically installed when affected earbuds are connected to a compatible iPhone, iPad, or Mac and are within Bluetooth range.
Users can verify that the update has been installed by opening Bluetooth settings on their Apple device, selecting the information icon next to their Beats Studio Buds, and checking the firmware version.
While the researchers noted that real-world attacks require technical expertise and physical proximity, they warned that the vulnerabilities could pose a significant risk to high-value targets such as journalists, executives, and government officials.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
