Apple updates Beats Studio Buds to fix Bluetooth eavesdropping flaw
A firmware update addresses a high-severity bug that could let nearby attackers listen through a microphone under certain Bluetooth conditions.
By James Whitfield · Staff Writer
3 min read
Apple has released a firmware update for Beats Studio Buds after a high-severity Bluetooth flaw was found that could allow nearby attackers to listen through a microphone. The issue matters because it affected the pairing process, a core trust mechanism for wireless headphones and the devices they connect to.
Apple identified the vulnerability as CVE-2025-20701 in a security advisory Tuesday. The company said an attacker within Bluetooth range could potentially listen through the microphone of a device that had not yet paired and was actively looking for pairing requests.
The fix is included in Beats Firmware Update 1B211, according to Apple. The update is installed automatically when the earbuds are paired with, and within Bluetooth range of, an iPhone, iPad or Mac.
Users can check whether their earbuds have the updated firmware by opening Settings on their Apple device, selecting Bluetooth, and tapping the information button next to the headphones, Apple said.
How the flaw worked
The vulnerability stemmed from improper authentication in firmware used by Bluetooth-related chips, according to security researchers Dennis Heinze and Frieder Steinmetz of Insinuator. The weakness could let someone nearby pose as a device that had previously been paired with the earbuds.
Heinze and Steinmetz demonstrated attacks that allowed eavesdropping on conversations or other sounds within range of a phone microphone. CVE-2025-20701 carries a severity score of 8.8 out of 10.
The bug was one of three vulnerabilities the Insinuator researchers disclosed last year in chips made by Airoha Systems. Airoha later issued an updated software development kit for hardware makers using the affected components.
Apple’s Beats Studio Buds update followed other vendor fixes. Jabra also announced patched versions, while Ecoustics reported that Bose and JBL said their devices had been updated to include the fixes.
Broader Bluetooth risks
The Insinuator researchers said the broader attack chain they studied could support other actions, including retrieving call history and contacts or placing calls to arbitrary numbers. They said those capabilities depend on the paired devices involved because Bluetooth features vary across platforms.
Other Bluetooth pairing systems have faced similar scrutiny. Researchers disclosed a separate set of bugs called WhisperPair in January affecting devices connected through Google Fast Pair, a proprietary Google protocol.
Those researchers said WhisperPair could be used for eavesdropping and device geolocation. The flaws affected more than a dozen devices from 10 manufacturers, including Sony, Nothing, JBL, OnePlus and Google.
Ars Technica reported that there are few, if any, public reports of Bluetooth vulnerabilities of this kind being actively exploited. Such attacks can be difficult to carry out because the attacker must stay within Bluetooth range while using the exploit.
People who believe they may be targeted can reduce exposure by turning off Bluetooth when it is not needed, Ars Technica reported. Users should also keep wireless devices updated, since fixes for flaws in shared Bluetooth components may arrive through firmware updates from each manufacturer.
This story draws on original reporting from Ars Technica.