Apple Fixes Beats Studio Buds Flaw That Could Let Nearby Attackers Listen Through the Microphone


Apple has released Beats Firmware Update 1B211 to fix a high-severity Bluetooth vulnerability in Beats Studio Buds that could allow a nearby attacker to listen through the earbuds’ microphone. The issue affects Beats Studio Buds when the device has not yet been paired and is actively looking for pairing requests, according to Apple’s security advisory.

The vulnerability is tracked as CVE-2025-20701 and is tied to incorrect authorization in the Airoha Bluetooth audio SDK. The National Vulnerability Database describes the issue as a way to pair a Bluetooth audio device without user consent, with no user interaction required.

Apple says firmware updates are delivered automatically when Beats headphones are paired with and in Bluetooth range of an iPhone, iPad, or Mac. Users can also check the firmware version from Bluetooth settings, while Android users can manage updates through the Beats app.

What CVE-2025-20701 Means for Beats Studio Buds Users

CVE-2025-20701 does not allow remote attacks over the internet. The attacker must be within Bluetooth range, which makes the issue local but still serious for users in offices, airports, public transport, schools, and other crowded places.

The vulnerable condition applies when Beats Studio Buds are not yet paired and are actively seeking pairing requests. In that state, the flaw could let an attacker pair with the earbuds without the user’s approval and access the microphone.

Apple credited Dennis Heinze and Frieder Steinmetz of ERNW GmbH for the discovery. The broader research focused on Airoha-based Bluetooth headphones and earbuds, and the researchers later described several related vulnerabilities in Airoha-based Bluetooth devices.

| Vulnerability | Product affected by Apple update | Fixed in | Attack requirement |
| --- | --- | --- | --- |
| CVE-2025-20701 | Beats Studio Buds | Beats Firmware Update 1B211 | Attacker within Bluetooth range |

The Flaw Comes From the Airoha Bluetooth Audio SDK

The issue is not limited to Apple’s software alone. The Airoha product security bulletin says CVE-2025-20701 affects the Airoha Bluetooth audio SDK and can allow pairing without user consent.

Airoha lists the vulnerability as high severity and says it affects AB156x, AB157x, AB158x, and AB159x series chipsets. The affected software includes Airoha IoT SDK for BT audio v5.5.0 and earlier, along with older AB1561x, AB1562x, and AB1563x SDK versions.

The NVD entry for CVE-2025-20701 gives the flaw a CVSS 3.1 score of 8.8 and classifies the weakness as incorrect authorization. Its attack vector is adjacent network, which fits a Bluetooth-range attack rather than a remote internet-based exploit.

  • The attacker needs to be physically nearby.
  • The target device must be affected and in a vulnerable pairing state.
  • No victim interaction is required for the vulnerability itself.
  • The most direct risk is unauthorized microphone access.
  • Related Airoha flaws could support broader device access on affected products.

Researchers Warned About Broader Bluetooth Headphone Risks

ERNW’s research found that some Airoha-based devices exposed powerful control paths over Bluetooth. In their security advisory, the researchers said affected devices could expose functions that allow reading and writing RAM or flash under certain conditions.

The same vulnerability family included CVE-2025-20700 and CVE-2025-20702. The Airoha bulletin lists those issues alongside CVE-2025-20701, with CVE-2025-20702 marked as critical because it involves unauthorized access to RACE protocol capabilities.

Jabra also addressed the same CVE group in several products in 2025. The Jabra Security Center says the vulnerabilities could allow attackers within Bluetooth range to access a headset without pairing or authentication, with possible microphone eavesdropping in rare cases.

| CVE | General issue | Severity listed by Airoha |
| --- | --- | --- |
| CVE-2025-20700 | Missing GATT authentication for RACE services with critical data | High |
| CVE-2025-20701 | Bluetooth pairing without user consent | High |
| CVE-2025-20702 | Unauthorized access to critical RACE protocol capabilities | Critical |

How to Check and Install the Beats Firmware Update

Apple says Beats firmware updates install automatically over the air on Apple devices when the headphones are paired, charged, and in Bluetooth range. The Beats update guide says users should keep their Beats up to date for the latest firmware improvements.

On iPhone or iPad, users can check the firmware by opening Settings, selecting Bluetooth, tapping the information button next to the Beats device, and checking the version number. On Mac, the version appears in System Settings under Bluetooth after selecting the connected headphones.

Android users can use the Beats app. Apple’s official update instructions say an Update button appears in the app when a firmware update is available for a connected device.

  1. Pair Beats Studio Buds with an iPhone, iPad, Mac, or Android device.
  2. Keep the earbuds charged or place them in the charging case.
  3. Keep the earbuds within Bluetooth range of the paired device.
  4. Check the firmware version after the update process completes.
  5. Confirm that Beats Studio Buds show firmware version 1B211 or later.

Separate A12 and A13 SecureROM Exploit Disclosed

Separately, security firm Paradigm Shift published research on usbliter8, a proof-of-concept exploit for a SecureROM vulnerability affecting Apple’s A12 and A13 chip families. The usbliter8 write-up says the exploit combines a hardware issue in the USB controller with a configuration flaw in device firmware.

This research does not concern Beats Studio Buds and is not fixed by Beats Firmware Update 1B211. It affects a different class of Apple hardware and targets the early boot chain, which makes it closer in nature to earlier BootROM research than to a Bluetooth audio flaw.

Paradigm Shift says currently supported SoCs include Apple A12, S4/S5, and A13. The researchers also noted that moving to newer hardware remains the most effective mitigation because the affected code sits in immutable hardware-level firmware.

Why This Patch Matters

The Beats Studio Buds update shows why Bluetooth accessories need the same security attention as phones, laptops, and tablets. Wireless earbuds carry microphones, maintain trusted links with phones, and often stay powered on in public places.

Users should install Beats Firmware Update 1B211 as soon as possible and avoid leaving unpaired earbuds in pairing mode longer than necessary. Businesses that issue earbuds to staff should also add firmware checks to their device maintenance process.

Other audio vendors have also patched related Airoha issues. The Jabra advisory shows how the same vulnerability family affected multiple Bluetooth audio products, making firmware updates important across brands, not only for Beats users.

FAQ

What did Apple fix in Beats Firmware Update 1B211?

Apple fixed CVE-2025-20701, a high-severity Bluetooth vulnerability affecting Beats Studio Buds. The flaw could allow an attacker within Bluetooth range to listen through the microphone when the earbuds were not yet paired and were actively seeking pairing requests.

Which Beats model is affected by CVE-2025-20701?

Apple lists Beats Studio Buds as the affected product in its Beats Firmware Update 1B211 security advisory.

Can CVE-2025-20701 be exploited over the internet?

No. The vulnerability requires the attacker to be within Bluetooth range of the affected earbuds. It is an adjacent network attack, not a remote internet-based attack.

How can users update Beats Studio Buds firmware?

On Apple devices, Beats firmware updates are delivered automatically when the earbuds are paired, charged, and in Bluetooth range of an iPhone, iPad, or Mac. Android users can check for updates through the Beats app.

Is usbliter8 related to the Beats Studio Buds vulnerability?

No. usbliter8 is separate research involving Apple’s A12 and A13 SecureROM. The Beats Studio Buds flaw involves the Airoha Bluetooth audio SDK and was fixed through Beats Firmware Update 1B211.
