Apple has recently addressed a critical security flaw in its Beats Studio Buds that could have allowed unauthorized access to users’ microphone audio. This vulnerability, identified as CVE-2025-20701, was discovered by security researchers Dennis Heinze and Frieder Steinmetz from ERNW GmbH.
The issue stemmed from a weakness in the Bluetooth pairing process of the Beats Studio Buds. Specifically, when the earbuds were actively seeking pairing connections, they could inadvertently expose microphone audio. This flaw meant that an attacker within Bluetooth range—approximately 10 meters—could potentially connect to the earbuds without authorization and eavesdrop on live audio input. Notably, this unauthorized access did not require prior pairing, making it particularly concerning in public spaces such as offices, airports, or cafes.
To mitigate this risk, Apple released Beats Firmware Update 1B211 on June 16, 2026. This update addresses the Bluetooth vulnerability, ensuring that the earbuds no longer expose microphone audio during the pairing process. The update is automatically delivered to Beats Studio Buds when they are connected to an iPhone, iPad, or Mac and within Bluetooth range.
Users can verify their firmware version through device settings:
- On iPhone or iPad: Navigate to Settings > Bluetooth, then tap the info icon next to the earbuds.
- On Mac: Go to System Settings > Bluetooth and select the connected device.
Ensuring that devices are updated is the primary step in mitigating this vulnerability. Additionally, users are advised to disable Bluetooth when not in use and to avoid pairing devices in untrusted environments.
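For anyone checking more than one pair of earbuds, the version check above can be run over an inventory. This is an added example, not code from Apple or the original article: it flags devices reporting firmware older than 1B211. The device names, inventory rows and the ordering rule for version strings (leading number, then letter, then trailing number) are assumptions made for illustration.

```python
import re

FIXED_VERSION = "1B211"  # fixed firmware version named in the article

# Assumed format: digits, one uppercase letter, digits (e.g. "1B211").
_BUILD = re.compile(r"^(\d+)([A-Z])(\d+)$")


def parse_build(version):
    """Split a build-style string into a tuple that sorts correctly.

    Assumption: versions order by leading number, then letter, then
    trailing number, so "1B98" is older than "1B211" even though a plain
    string comparison would say the opposite.
    """
    m = _BUILD.match((version or "").strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    major, letter, build = m.groups()
    return (int(major), letter, int(build))


def audit(inventory, fixed=FIXED_VERSION):
    """Map each device to 'patched', 'outdated' or 'unknown'."""
    threshold = parse_build(fixed)
    result = {}
    for device, version in inventory:
        try:
            ok = parse_build(version) >= threshold
            result[device] = "patched" if ok else "outdated"
        except ValueError:
            # Missing or malformed value: treat as unverified, not as safe.
            result[device] = "unknown"
    return result


# Constructed sample inventory (hypothetical devices and versions).
SAMPLE = [
    ("buds-alice", "1B211"),
    ("buds-bob", "1A174"),
    ("buds-carol", "1B98"),
    ("buds-dave", "2A5"),
    ("buds-erin", ""),
]

if __name__ == "__main__":
    for device, status in audit(SAMPLE).items():
        print(f"{device}: {status}")
```

Devices reported as "unknown" should be checked by hand in the Bluetooth settings rather than assumed to be up to date.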
This incident underscores the ongoing risks associated with wireless communication protocols, particularly Bluetooth. As devices increasingly rely on seamless pairing and always-on connectivity, the potential attack surface expands. It also highlights the importance of prompt firmware updates and the need for users to remain vigilant about the security of their devices.