Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap Vulnerability
Key Facts
- The security update fixes CVE-2025-20701, a vulnerability discovered by Dennis Heinze and Frieder Steinmetz of German cybersecurity firm ERNW.
- Apple also released new 8B41 firmware for AirPods Pro 2 and AirPods Pro 3, but it doesn't include the patch for CVE-2025-20701, as these leverage Apple's proprietary audio silicon.
- The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio device without user consent.
- Details of the vulnerability first emerged in June 2025 when ERNW GmbH researchers Dennis Heinze and Frieder Steinmetz flagged it alongside two other flaws in Airoha SoCs (CVE-2025-20700 and CVE-2025-20702) at the TROOPERS security conference in Germany.
- CVE-2025-20701 can be exploited when the Beats headphones aren't paired and actively looking for devices for pairing.
- The CVE-2025-20701 vulnerability was discovered by researchers at a cybersecurity company, ERNW, and first reported back in June 2025, with more disclosure in December of the same year.
- These capabilities allow for multiple attack scenarios." New Unpatchable Exploit Discovered in Apple's A12 and A13 Chips The disclosure comes as Paradigm Shift disclosed a novel iPhone SecureROM (aka BootROM) vulnerability impacting Apple's A12 and A13 chips, in addition to a proof-of-concept (PoC) exploit codenamed usbliter8.
- CVE-2025-20701, the flaw addressed by Apple, specifically involved a lack of pairing enforcement over Bluetooth Classic connections.
- Apple Just Updated The Beats Studio Buds To Fix A Major Bluetooth Security Flaw Apple's 2021 Beats Studio Buds wireless headphones are receiving a new firmware update, which patches a major security vulnerability related to their Bluetooth connectivity.
- Apple has released Beats Firmware Update 1B211 to address a Bluetooth vulnerability affecting Beats Studio Buds that could allow a nearby attacker to listen through a device's microphone before it has been paired.
The security update fixes CVE-2025-20701, a vulnerability discovered by Dennis Heinze and Frieder Steinmetz of German cybersecurity firm ERNW. The issue is tracked as CVE-2025-20701, CVE-2025-20700, CVE-2025-20702. Apple also released new 8B41 firmware for AirPods Pro 2 and AirPods Pro 3, but it doesn’t include the patch for CVE-2025-20701, as these use Apple’s proprietary audio silicon.
The Vulnerability
The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio device without user consent.
Further details indicate that details of the vulnerability first emerged in June 2025 when ERNW GmbH researchers Dennis Heinze and Frieder Steinmetz flagged it alongside two other flaws in Airoha SoCs (CVE-2025-20700 and CVE-2025-20702) at the TROOPERS security conference in Germany.
CVE-2025-20701 can be exploited when the Beats headphones aren’t paired and actively looking for devices for pairing.
The CVE-2025-20701 vulnerability was discovered by researchers at a cybersecurity company, ERNW, and first reported back in June 2025, with more disclosure in December of the same year.
“An attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests,”, Spokesperson
Technical Details
CVEs:
From a technical standpoint, the vulnerability presents several concerns:
These capabilities allow for multiple attack scenarios.” New Unpatchable Exploit Discovered in Apple’s A12 and A13 Chips The disclosure comes as Paradigm Shift disclosed a novel iPhone SecureROM (aka BootROM) vulnerability impacting Apple’s A12 and A13 chips, in addition to a proof-of-concept (PoC) exploit codenamed usbliter8.
Risk & Exposure
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. “As these vulnerabilities reside in immutable code, affected users should be aware that migrating to newer hardware remains the most effective mitigation.” At a high level, the exploit works by leveraging a flaw in the USB controller built into Apple SoCs. Because Airoha chips are used in a wide range of audio products, the issue affected multiple devices, including Beats Studio Buds.
Apple has released Beats Firmware Update 1B211 to address a Bluetooth vulnerability affecting Beats Studio Buds that could allow a nearby attacker to listen through a device’s microphone before it has been paired.
Timeline
| Date | Event | |, , |, , -| | 2025 | Similar patches were released by Jabra in December 2025. | | 2025 | Researchers disclosed flaws in Airoha system-on-a-chip (SoCs) devices at a security conference in Germany in 2025. | | 2025 | The security update fixes CVE-2025-20701, a vulnerability discovered by Dennis Heinze and Frieder Steinmetz of German… | | 2025 | The vulnerability is one of three critical Bluetooth flaws that ERNW disclosed in 2025 after analyzing firmware used … | | 2025 | CVE-2025-20701, the flaw addressed by Apple, specifically involved a lack of pairing enforcement over Bluetooth Class… | | 2021 | Apple Just Updated The Beats Studio Buds To Fix A Major Bluetooth Security Flaw Apple’s 2021 Beats Studio Buds wirele… |
Patching & Remediation
-
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users.
-
The issue has been addressed in Beats Firmware Update 1B211.
-
Similar patches were released by Jabra in December 2025.
-
“On A12 and A13, USB DART is configured in bypass mode, allowing us to overwrite SRAM data freely.
-
Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap.
-
It should read 1B211 if the security update has been applied.
Analysis
This disclosure adds to a growing pattern of critical vulnerabilities affecting enterprise infrastructure.
Sources
- https://www.malwarebytes.com/blog/bugs/2026/06/apple-patches-beats-studio-buds-flaw-that-could-turn-earbuds-into-a-wiretap
- https://www.bgr.com/2197259/apple-updated-beats-studio-buds-to-fix-bluetooth-security-flaw/
- https://nvd.nist.gov/vuln/detail/CVE-2025-20701
- https://nvd.nist.gov/vuln/detail/CVE-2025-20700
- https://nvd.nist.gov/vuln/detail/CVE-2025-20702
- https://support.sap.com/en/my-support/knowledge-base/security-notes.html/CVE-2025-20701
- https://support.sap.com/en/my-support/knowledge-base/security-notes.html/CVE-2025-20700
- https://support.sap.com/en/my-support/knowledge-base/security-notes.html/CVE-2025-20702
Sources & References
- Source referenced in coverage https://www.malwarebytes.com/blog/bugs/2026/06/apple-patches-beats-studio-buds-flaw-that-could-turn-earbuds-into-a-wiretap
- Source referenced in coverage https://www.bgr.com/2197259/apple-updated-beats-studio-buds-to-fix-bluetooth-security-flaw/
- CVE-2025-20701 — NIST National Vulnerability Database entry. https://nvd.nist.gov/vuln/detail/CVE-2025-20701
- CVE-2025-20700 — NIST National Vulnerability Database entry. https://nvd.nist.gov/vuln/detail/CVE-2025-20700
- CVE-2025-20702 — NIST National Vulnerability Database entry. https://nvd.nist.gov/vuln/detail/CVE-2025-20702
- CVE-2025-20701 — Sap advisory. https://support.sap.com/en/my-support/knowledge-base/security-notes.html/CVE-2025-20701
- CVE-2025-20700 — Sap advisory. https://support.sap.com/en/my-support/knowledge-base/security-notes.html/CVE-2025-20700
- CVE-2025-20702 — Sap advisory. https://support.sap.com/en/my-support/knowledge-base/security-notes.html/CVE-2025-20702
- CVE-2025-20701 — National Vulnerability Database
- CVE-2025-20700 — National Vulnerability Database
- CVE-2025-20702 — National Vulnerability Database
SecurityXP delivers daily cybersecurity news, vulnerability analysis, data breach reports, and threat intelligence.
Security Digest
Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.
Related Articles
Critical Gitea Flaw Under Active Exploitation, Researchers Warn Vulnerability (CVE-2026-20896)
Specific to Gitea’s official Docker images, the critical-severity security defect is tracked as CVE-2026-20896 (CVSS score of 9.8) and can be exploited with...
Vulnerabilities & ExploitsCisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild Vulnerability
Cisco Unified Communications Manager has a serious vulnerability, tracked as CVE-2026-20230 (CVSS score of 8.6), that attackers are already exploiting. The...
Vulnerabilities & ExploitsPalo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw Vulnerability
"Only a small portion of the probed devices actually established VPN sessions, resulting in gateway-connected events." The company has also released...
Vulnerabilities & ExploitsAttackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer Vulnerability
"Credentials accessible from a developer or administrator workstation may provide entry into production infrastructure, build pipelines, source code...