342/69 Wednesday, June 24, 2026
Apple has released a security update for Beats Studio Buds to address CVE-2025-20701, a vulnerability that could allow an attacker within Bluetooth range to listen through the device’s microphone if the earbuds have not yet been paired and are in pairing request discovery mode. The vulnerability is related to open-source code used in a Bluetooth system component.
Reports indicate that the vulnerability is associated with an authentication issue in the Bluetooth BR/EDR radio. Researchers from ERNW GmbH previously disclosed details and demonstrated a Proof-of-Concept showing that an attacker near the device could exploit the flaw to access the earbuds’ microphone. If combined with another vulnerability in the same component, the issue could potentially allow certain headphone functions to be controlled and, in some cases, enable interaction with the connected phone. However, real-world exploitation would require physical proximity and a high level of technical complexity.
Apple has fixed the vulnerability in Beats Firmware Update 1B211. The update is installed automatically when Beats Studio Buds are paired and within Bluetooth range of an iPhone, iPad, or Mac. Users should check the firmware version of their earbuds through the Bluetooth menu on their device, avoid leaving the earbuds in pairing mode unnecessarily, and keep connected devices updated to the latest version.
Source: https://hackread.com/beats-studio-buds-flaw-attackers-eavesdrop-users/