Apple patches Beats Studio Buds flaw that could let nearby attackers eavesdrop

Apple has updated its Beats Studio Buds wireless earbuds with a firmware fix for CVE-2025-20701, a high-severity Bluetooth flaw that could let a nearby attacker listen through the microphone without user consent.

KEY FACTS

  • Severity: CVE-2025-20701 carries a CVSS score of 8.8.
  • Impact: The issue could allow unauthorized pairing of a Bluetooth audio device.
  • Fix: Apple says the problem is addressed in Beats Firmware Update 1B211.
  • Reach: Exploitation required Bluetooth range but no extra privileges or user interaction.

The advisory said an attacker within Bluetooth range may be able to listen through the microphone of a device that is not yet paired and is actively seeking pair requests. The flaw affects the Airoha Bluetooth audio SDK and stems from incorrect authorization.

The issue first surfaced in June 2025 when ERNW researchers Dennis Heinze and Frieder Steinmetz flagged it alongside two other Airoha SoC flaws at the TROOPERS security conference in Germany. Similar patches were later released by Jabra in December 2025.

The researchers said such bugs can allow attackers to take over headphones over Bluetooth, with no authentication or pairing required. They also noted that attackers could read and write device memory and hijack trust relationships with other devices that are connected to the headphones.

At the same time, Paradigm Shift disclosed a separate iPhone SecureROM vulnerability affecting Apple’s A12 and A13 chips and released a proof of concept called usbliter8. The disclosure said the flaw relies on a USB controller bug and a firmware configuration issue, and that newer hardware is not affected.

WHY IT MATTERS

The Beats fix closes a flaw that could expose audio from nearby devices without any pairing step. The broader disclosures also show that Bluetooth and chip-level bugs can create security risks even in products that appear to be physically isolated from attackers.