
Apple Patches Beats Studio Buds Wiretap Flaw


Your earbuds should not become someone else’s microphone.

Apple released Beats Firmware Update 1B211 on June 16 to fix a Bluetooth vulnerability in Beats Studio Buds that could have let an attacker within range listen through the earbuds’ microphone while the device was unpaired and actively seeking a connection.

The issue, tracked as CVE-2025-20701, highlights why wireless accessories should be part of routine device security checks, especially when they are used near work phones, laptops, calls, and voice assistants.

What Apple fixed

Apple patched a Bluetooth vulnerability in Beats Studio Buds that could have exposed the earbuds’ microphone under specific pairing conditions.

In its security advisory, Apple said an attacker within Bluetooth range may have been able to listen through the microphone of a device that was not yet paired and was actively seeking a pairing request.

The flaw is tracked as CVE-2025-20701. Apple described it as a vulnerability in open source code and said Apple software was among the affected projects. The company credited Dennis Heinze and Frieder Steinmetz of ERNW GmbH for reporting the issue.

The Hacker News reported that CVE-2025-20701 involved incorrect authorization in the Airoha Bluetooth audio SDK, which could allow a Bluetooth audio device to pair without user consent. The publication also reported that the vulnerability carried a CVSS score of 8.8.

ERNW researchers had previously discussed related Airoha system-on-a-chip flaws at the TROOPERS security conference in Germany. According to The Hacker News, the researchers said many of the vulnerabilities could allow attackers to take over headphones via Bluetooth without authentication or pairing.

Why the attack window is limited

This is not the kind of remote attack that can reach someone from across the internet.

An attacker would need to be within Bluetooth range, and the Beats Studio Buds would need to be unpaired and actively looking for a pairing request.

Malwarebytes explained that the flaw affected the authentication process during pairing. In a normal pairing flow, headphones and a phone establish trust before sensitive functions, such as microphone access, become available. In this case, a nearby attacker could potentially pose as a legitimate pairing partner before the user finishes connecting the earbuds.

That makes the issue more relevant to targeted attacks than to broad criminal campaigns. Opportunistic attackers are still more likely to use phishing, password theft, or credential stuffing than specialized Bluetooth attacks.

The concern is sharper for people who handle sensitive calls or data in public spaces, including executives, journalists, public officials, security staff, and employees working near shared devices.

How to check the update

Apple said Beats firmware updates are delivered automatically while the headphones are paired with and in Bluetooth range of an iPhone, iPad, or Mac.

There is no manual “update now” button for Beats Studio Buds. Users can check the installed firmware version in Bluetooth settings.

On an iPhone or iPad, go to Settings, then Bluetooth, and tap the information button next to the Beats Studio Buds. On a Mac, go to System Settings, then Bluetooth, and check the information next to the headphones.

The firmware version should show 1B211 after the update has been applied. If an older version appears, users should keep the earbuds charged, connected, and near their Apple device until the update installs.

For IT teams, the broader lesson is to include peripherals in security guidance.

Bluetooth accessories may sit outside traditional endpoint management, but they still interact with microphones, devices, accounts, and conversations that organizations need to protect.
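For teams that want to run the firmware check above across managed Macs, the following added example (not Apple's tooling and not from the original article) audits a Bluetooth inventory report for Beats Studio Buds that do not report 1B211. It assumes the report has the shape of `system_profiler SPBluetoothDataType -json` output; the key names, device names, and the older version string in the sample are constructed assumptions.

```python
import json

PATCHED = "1B211"            # fixed firmware version named in the article
MODEL = "beats studio buds"  # matched on device name; renamed devices will be missed

# Constructed sample shaped like `system_profiler SPBluetoothDataType -json`
# output. Key names are an assumption about that layout; "1A000" is a
# made-up placeholder for an older firmware version.
SAMPLE = json.dumps({"SPBluetoothDataType": [{
    "device_connected": [
        {"Alex's Beats Studio Buds": {"device_firmwareVersion": "1B211"}},
        {"Magic Keyboard": {"device_firmwareVersion": "2.0.6"}},
    ],
    "device_not_connected": [
        {"Beats Studio Buds": {"device_firmwareVersion": "1A000"}},
        {"Lab Beats Studio Buds": {}},  # no firmware reported
    ],
}]})

def audit(report_json):
    """Return (name, firmware, status) for every matching accessory."""
    findings = []
    for controller in json.loads(report_json).get("SPBluetoothDataType", []):
        # Check known devices whether or not they are currently connected.
        for state in ("device_connected", "device_not_connected"):
            for entry in controller.get(state, []):
                for name, props in entry.items():
                    if MODEL not in name.lower():
                        continue
                    fw = props.get("device_firmwareVersion")
                    if fw is None:
                        status = "unknown"   # version not exposed; check by hand
                    elif fw.strip().upper() == PATCHED:
                        status = "patched"
                    else:
                        status = "review"    # anything other than 1B211
                    findings.append((name, fw, status))
    return findings

if __name__ == "__main__":
    for name, fw, status in audit(SAMPLE):
        print(f"{status:8} {fw or '-':8} {name}")
```

Devices flagged `review` or `unknown` should be kept charged, connected, and near their Apple device until Bluetooth settings show 1B211.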
