The vulnerability CVE-2025-20701 affects the Beats Studio Buds wireless earbuds using the Airoha system-on-a-chip. It arises from a missing authentication mechanism in the Bluetooth BR/EDR radio, allowing attackers within Bluetooth range to listen through the device's microphone without pairing. Researchers demonstrated that chaining this flaw with CVE-2025-20700 and CVE-2025-20702 enables attackers to hijack the Bluetooth connection, issue commands via the Hands-Free Profile, access device memory, retrieve call history and contacts, and place arbitrary calls. Apple addressed this issue with Beats Firmware Update 1B211, which is delivered automatically when the earbuds connect to Apple devices. The attack requires physical proximity and technical sophistication, limiting its practical exploitation.

Attackers within Bluetooth range can eavesdrop on conversations through the Beats Studio Buds microphone without pairing. They can also potentially take full control of the headphones, read and write device memory, retrieve sensitive data such as call history and contacts, and initiate calls via the Bluetooth Hands-Free Profile. The vulnerability affects user privacy and could lead to unauthorized surveillance and misuse of the device's Bluetooth capabilities. However, exploitation is complex and requires physical proximity and technical skill.

Apple has released an official firmware update (version 1B211) for Beats Studio Buds that patches this vulnerability. The update is automatically delivered when the earbuds are paired and within Bluetooth range of an iPhone, iPad, or Mac. Users should verify that their Beats Studio Buds have applied this firmware update via Bluetooth settings. No additional user action is required beyond ensuring the firmware is up to date. Patch status is confirmed by Apple’s advisory.