Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone.
A high-severity vulnerability (CVE-2025-20701) in the Beats Studio Buds wireless earbuds allowed nearby attackers to pair without user consent and listen through the microphone. The flaw was due to incorrect authorization in the Airoha Bluetooth audio SDK. Apple addressed the issue in Beats Firmware Update 1B211. Exploitation requires only Bluetooth range proximity and no user interaction. This vulnerability was publicly disclosed in June 2025 alongside related flaws in Airoha SoCs. Similar patches were issued by other vendors like Jabra. The flaw enables remote escalation of privilege and potential eavesdropping.
AI Analysis
Technical Summary
The vulnerability CVE-2025-20701 affects Beats Studio Buds and stems from incorrect authorization in the Airoha Bluetooth audio SDK, allowing attackers within Bluetooth range to pair with the device without user consent. This enables them to remotely escalate privileges and listen through the microphone without requiring any additional execution privileges or user interaction. The issue was publicly disclosed by ERNW GmbH researchers in June 2025 and affects devices using Airoha SoCs. Apple patched the vulnerability in Beats Firmware Update 1B211. The flaw can be triggered via Bluetooth BR/EDR or BLE and allows attackers to read and write device memory, hijack trust relationships, and fully take over the headphones. Similar vulnerabilities were patched by other vendors such as Jabra in late 2025.
Potential Impact
Successful exploitation allows an attacker within Bluetooth range to pair with Beats Studio Buds without user consent and eavesdrop through the microphone. The attacker can escalate privileges remotely without user interaction, potentially gaining full control over the headphones and hijacking trust relationships with paired devices. This compromises user privacy and device integrity.
Mitigation Recommendations
Apple has released Beats Firmware Update 1B211 to address this vulnerability. Users should update their Beats Studio Buds to this firmware version to mitigate the risk. No additional user action is required beyond applying the official firmware update.
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone.
Description
A high-severity vulnerability (CVE-2025-20701) in the Beats Studio Buds wireless earbuds allowed nearby attackers to pair without user consent and listen through the microphone. The flaw was due to incorrect authorization in the Airoha Bluetooth audio SDK. Apple addressed the issue in Beats Firmware Update 1B211. Exploitation requires only Bluetooth range proximity and no user interaction. This vulnerability was publicly disclosed in June 2025 alongside related flaws in Airoha SoCs. Similar patches were issued by other vendors like Jabra. The flaw enables remote escalation of privilege and potential eavesdropping.
Reddit Discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2025-20701 affects Beats Studio Buds and stems from incorrect authorization in the Airoha Bluetooth audio SDK, allowing attackers within Bluetooth range to pair with the device without user consent. This enables them to remotely escalate privileges and listen through the microphone without requiring any additional execution privileges or user interaction. The issue was publicly disclosed by ERNW GmbH researchers in June 2025 and affects devices using Airoha SoCs. Apple patched the vulnerability in Beats Firmware Update 1B211. The flaw can be triggered via Bluetooth BR/EDR or BLE and allows attackers to read and write device memory, hijack trust relationships, and fully take over the headphones. Similar vulnerabilities were patched by other vendors such as Jabra in late 2025.
Potential Impact
Successful exploitation allows an attacker within Bluetooth range to pair with Beats Studio Buds without user consent and eavesdrop through the microphone. The attacker can escalate privileges remotely without user interaction, potentially gaining full control over the headphones and hijacking trust relationships with paired devices. This compromises user privacy and device integrity.
Mitigation Recommendations
Apple has released Beats Firmware Update 1B211 to address this vulnerability. Users should update their Beats Studio Buds to this firmware version to mitigate the risk. No additional user action is required beyond applying the official firmware update.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":30,"reasons":["external_link","newsworthy_keywords:patch","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["patch"],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a350d40f198dc38c1e72e79
Added to database: 6/19/2026, 9:34:56 AM
Last enriched: 6/19/2026, 9:35:01 AM
Last updated: 6/19/2026, 3:54:43 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.