
Apple has released a security update for Beats Studio Buds. The update fixes a serious Bluetooth flaw.
The flaw is tracked as CVE-2025-20701. It affects the Bluetooth pairing process.
As a result, a nearby attacker could abuse the issue. In some cases, the attacker may listen through the device microphone.
Why This Flaw Matters
The main risk is audio spying. The attacker must be within Bluetooth range.
However, the issue is still serious. The attack does not need user interaction. It also does not need special access.
In simple terms, the device may accept an unsafe Bluetooth connection while it is looking for pairing requests.
What Caused the Issue?
The issue comes from incorrect authorization. It affects the Airoha Bluetooth audio SDK.
This SDK is used in some Bluetooth audio devices. If pairing checks fail, a device may accept a connection without user approval.
Because of this, attackers may gain unauthorized access. The risk can be higher in public places.
Affected Device and Firmware Fix
Apple says the issue affects Beats Studio Buds. The fix is available in Beats Firmware Update 1B211.
Firmware updates are usually delivered automatically. The earbuds must be paired with an iPhone, iPad, or Mac. They also need to stay within Bluetooth range.
Users can check the firmware version in Bluetooth settings. On iPhone or iPad, open Settings and go to Bluetooth. Then tap the info button next to the headphones.
Link to Airoha Bluetooth SDK
CVE-2025-20701 is not only an Apple issue. It comes from open source code that also affects other projects.
Airoha says the flaw may allow Bluetooth audio pairing without user consent. This can lead to remote privilege escalation.
Also, the flaw does not need user interaction. For this reason, device makers need to ship firmware fixes for affected products.
Risk in Public Places
Bluetooth flaws like this can be more risky in crowded areas. Examples include airports, cafes, offices, hotels, and public transport.
In these places, many Bluetooth devices are active. So, attackers may find more nearby targets.
Still, the attack has a limit. The attacker must be close enough for Bluetooth. The highest risk appears when a device is active and seeking pairing requests.
What Users Should Do
Beats Studio Buds users should make sure their firmware is updated. Keep the earbuds connected to an iPhone, iPad, or Mac so the update can install.
Also, review the list of paired Bluetooth devices. Remove any device that you do not recognize.
When Bluetooth is not needed, turn it off. This simple step can reduce the chance of unwanted connections.
Another Apple Security Finding
The article also mentions another Apple security finding. This one affects Apple A12 and A13 chips and is known as usbliter8.
This issue is different from the Beats flaw. It affects SecureROM, also known as BootROM.
Because the affected code cannot be changed, newer hardware is the best mitigation. However, Beats Studio Buds users should focus on installing firmware update 1B211.
Key Takeaway
Apple has patched a Bluetooth flaw in Beats Studio Buds. The flaw could allow a nearby attacker to listen through the microphone.
For this reason, users should update their firmware. They should also avoid unnecessary Bluetooth pairing in public places.
In the end, firmware updates are the most important step. With the right update, users can reduce the risk of Bluetooth abuse.
Source: https://thehackernews.com/2026/06/apple-patches-beats-studio-buds-flaw.html
