Apple patches Beats Studio Buds flaw to stop Bluetooth spying

Apple has released security updates for Beats Studio Buds to fix a high-severity Bluetooth flaw that could let attackers in range listen through an unpaired earbud’s microphone and potentially take over the device.
Beats Studio Buds users who stay connected to their phones might be safe—but only after installing Apple’s latest firmware update. The reason is uncomfortable and simple: a high-severity vulnerability could let an attacker in Bluetooth range spy on conversations by using the microphone of a device that isn’t yet paired and is actively seeking pair requests.
Apple says an attacker “may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests.” In its Tuesday advisory, the company ties the weakness to open source code, with Apple Software among the affected projects. The CVE-ID was assigned by a third party.
The patch is already on its way for people who pair their earbuds. Apple fixed the issue in Beats Firmware Update 1B211, which will be automatically delivered to vulnerable headphones when they are paired and within Bluetooth range of the user’s iPhone, iPad, or Mac.
For those who want to confirm the update landed, Apple provides a straightforward check: users can review whether the firmware has been applied from the Bluetooth settings on their device by tapping the info button next to the headphones.
This vulnerability is tracked as CVE-2025-20701. It was discovered by Dennis Heinze and Frieder Steinmetz of ERNW GmbH in Airoha systems-on-a-chip (SoCs). The security researchers disclosed the flaw one year ago at the TROOPERS security conference in Germany, describing it as stemming from a missing authentication weakness in the Bluetooth BR/EDR radio.
They also built a proof-of-concept exploit. Their demonstration showed how attackers could initiate a call and eavesdrop on conversations within earshot of the targeted phone.
What makes the story more alarming is how the weakness can stack. The researchers said that chaining CVE-2025-20701 with two other vulnerabilities—CVE-2025-20700 and CVE-2025-20702—affecting the same vulnerable component allows attackers to use the Bluetooth Hands-Free Profile (HFP) to issue commands to the phone after hijacking the connection between the phone and a paired Bluetooth audio device.
In their warning, ERNW researchers said: “In most cases, these vulnerabilities allow attackers to fully take over the headphones via Bluetooth. No authentication or pairing is required.” They added that the vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE), with Bluetooth range “the only precondition.” They also said it is possible to read and write the device’s RAM and flash.
They further reported that they could retrieve call history and contacts, and even call an arbitrary number after extracting the Bluetooth link keys from a vulnerable device’s memory.
The researchers emphasized the tradeoff between capability and practicality. They said the range of available commands depends on the mobile operating system, but all major platforms support at least initiating and receiving calls. Even so, they added that “real attacks are complex to perform” and are likely to be aimed only at high-value targets because the attack requires technical sophistication and physical proximity.
At this stage, the key takeaway for everyday users is the same as Apple’s: get Beats Firmware Update 1B211 as soon as possible, and verify it in your Bluetooth settings if you can. The flaw’s promise to an attacker is narrowly defined—be in range, exploit the unpaired state, and use the earbuds’ microphone to listen—but the fix is clear, immediate, and designed to reach devices automatically once the earbuds are paired.