Beats Studio Buds Security Flaw Allows Nearby Attackers to Eavesdrop

Post Views: 3

Apple addressed a critical security flaw in its Beats Studio Buds wireless earbuds that could allow adversaries to intercept audio data through the device’s microphone.

Vulnerability Overview

Description

The vulnerability, disclosed in a recent security advisory, was resolved through a firmware update released on June 16, 2026. The flaw, designated CVE-2025-20701, was identified by researchers Dennis Heinze and Frieder Steinmetz from ERNW GmbH.

Researchers

The issue stems from a vulnerability in the open-source Airoha Bluetooth audio SDK, which manages core functions of the earbuds.

SDK Vulnerability

The vulnerability arises when the device is powered on but not actively paired with a Bluetooth-enabled device. During this state, the earbuds initiate a search for new connections, creating an opportunity for nearby attackers to exploit the system.

Exploit Mechanism

Connection Process

Attackers within a 10-meter range can establish an unauthorized Bluetooth connection without user consent. The vulnerability bypasses standard authentication mechanisms, enabling eavesdropping on nearby conversations.

Attack Scope

Researchers demonstrated that this flaw could be combined with two additional vulnerabilities—CVE-2025-20700 and CVE-2025-20702—to further compromise the device.

Additional Vulnerabilities

CVE-2025-20700

The first flaw allows unauthenticated access via Bluetooth Low Energy.

CVE-2025-20702

The second facilitates bypassing security controls to access internal settings. Together, these issues could enable attackers to retrieve call logs, contact lists, and initiate calls through the Bluetooth Hands-Free Profile.

Mitigation and Recommendations

Firmware Update

Apple mitigated the issue through firmware update 1B211, which is automatically applied when the earbuds are placed in their charging case and connected to an iPhone, iPad, or Mac with Bluetooth enabled.

User Actions

Android users must install the patch via the official Beats app. Users can verify the update by checking the Bluetooth settings for the firmware version. A confirmed update is indicated by the version number 1B211.

Security Advice

Security experts recommend disabling Bluetooth when not in use to minimize exposure to potential threats. The vulnerability highlights the importance of timely firmware updates and proactive security measures for IoT devices.

Researchers demonstrated that this flaw could be combined with two additional vulnerabilities—CVE-2025-20700 and CVE-2025-20702—to further compromise the device.