Apple Fixes Security Flaw in Beats Studio Buds to Prevent Hacking

Post Views: 1

Apple has issued security updates to resolve a significant flaw impacting the Beats Studio Buds wireless earbuds, which could enable unauthorized individuals within Bluetooth proximity to intercept audio communications.

Vulnerability Details

The company disclosed that an attacker within range of an unpaired device may exploit the vulnerability to access microphone input from a device actively seeking a Bluetooth connection. This issue stems from open-source code components and affects Apple’s software ecosystem. The vulnerability was assigned the identifier CVE-2025-20701 by an external organization.

Fix and Update

The flaw was mitigated through Beats Firmware Update 1B211, which will be automatically deployed to affected devices when they connect to an iPhone, iPad, or Mac. Users can verify the update status via the Bluetooth settings menu by selecting the information icon adjacent to the earbuds.

Researchers’ Findings

The vulnerability was identified by Dennis Heinze and Frieder Steinmetz of ERNW GmbH during research on the Airoha system-on-a-chip (SoC) architecture. The researchers disclosed the issue a year prior at the TROOPERS security conference and developed a proof-of-concept exploit demonstrating how attackers could initiate calls and monitor conversations near the target device.

Additional Vulnerabilities

By combining CVE-2025-20701 with two additional vulnerabilities (CVE-2025-20700 and CVE-2025-20702) affecting the same hardware component, threat actors could leverage the Bluetooth Hands-Free Profile (HFP) to execute commands on paired devices after compromising the connection.

Attack Surface and Implications

The researchers emphasized that no authentication or prior pairing is required to exploit these flaws, as the vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE) protocols. Attackers could access and modify the device’s memory, including reading and writing to RAM and flash storage. Further analysis revealed that compromised devices could expose call logs, contact lists, and the ability to dial arbitrary numbers after extracting Bluetooth link keys from memory.

Conclusion

While the attack surface varies depending on the operating system, all major platforms support at least basic call initiation and reception functions. The researchers noted that executing such attacks requires technical expertise and physical proximity, suggesting they would likely target high-value individuals rather than broad-scale operations. The discovery highlights the risks associated with Bluetooth-enabled peripherals and underscores the importance of regular firmware updates. Apple’s patch addresses the immediate threat, but the findings serve as a reminder of the complexities involved in securing wireless communication protocols.