
Apple Patches Beats Studio Buds Bug That Could Let Nearby Attackers Eavesdrop

TBB Desk

5 hours ago · 7 min read

Apple addresses a critical Beats Studio Buds bug allowing potential eavesdropping. (Illustrative AI-generated image).

Table of Contents

  1. Understanding the Beats Studio Buds Vulnerability: CVE-2025-20701
  2. How an Attacker Could Eavesdrop Using the Beats Studio Buds Vulnerability
    1. What an Attacker Needs
    2. When the Attack Can Occur
    3. The Eavesdropping Process
    4. Detecting the Eavesdropping
    5. Attack Difficulty
  3. Who Discovered the Beats Studio Buds Flaw
  4. Apple's Fix and How to Check Your Beats Studio Buds Firmware

Apple has released a critical firmware update for Beats Studio Buds after researchers discovered a vulnerability that could let someone nearby eavesdrop on your conversations through the earbuds’ microphone.

The flaw, tracked as CVE-2025-20701, is rated high severity and affects the Bluetooth chips inside the wireless earbuds. Apple states the vulnerability could allow an attacker within Bluetooth range to listen through the microphone of a device that is not yet paired and is actively looking for connection requests.

Apple released a firmware update, version 1B211, to fix the issue. The update is delivered automatically when the earbuds are paired with an iPhone, iPad, or Mac within Bluetooth range. However, many users may not realize the update has been applied or that they need to take action.

This article explains the Beats Studio Buds vulnerability, how an attack could work, who found it, and what you should do to protect yourself.

Understanding the Beats Studio Buds Vulnerability: CVE-2025-20701

CVE-2025-20701 is a high-severity vulnerability in the firmware running on the Bluetooth chips within Beats Studio Buds. CVE stands for Common Vulnerabilities and Exposures, a standard system for identifying and tracking security flaws with a unique ID number.

The core problem is improper authentication. This means the earbuds do not adequately verify connection requests in certain situations, creating an opportunity for someone nearby to trick the earbuds into accepting a connection from an unauthorized device.

Apple’s security advisory explains the impact: “An attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests.”

Crucially, this attack only works when the earbuds are not already connected to a paired device and are in a state of actively searching for a Bluetooth connection. This state is common when taking earbuds out of their case or when they lose connection and try to re-establish it.

Researchers demonstrated the attack through end-to-end tests, showing that an individual with the right equipment and within Bluetooth range (approximately 30 feet or 10 meters) could impersonate a previously paired device and access the earbuds’ microphone. This would allow them to hear any sounds picked up by the microphone.

This vulnerability is specific to Beats Studio Buds. Apple has not indicated if other Beats models or any AirPods models are affected by this particular flaw.

How an Attacker Could Eavesdrop Using the Beats Studio Buds Vulnerability

Here’s a simplified breakdown of how this attack could be carried out:

What an Attacker Needs

An attacker must be within Bluetooth range (about 30 feet, reduced by obstacles) of the Beats Studio Buds. They also need a device capable of acting as a Bluetooth speaker or headset, equipped with specialized software. This attack requires technical knowledge and specific tools, not just a standard phone.

When the Attack Can Occur

This attack is only possible when the earbuds are unpaired and actively searching for a connection. Common scenarios include:

  • Immediately after removing the earbuds from their charging case.
  • When turning on the earbuds after they have been powered off.
  • When the earbuds lose their Bluetooth connection and attempt to reconnect.
  • When the earbuds are put into pairing mode for a new device.

If the earbuds are already connected and in use, the attack cannot succeed. The vulnerability is limited to the brief window of unpaired searching.

The Eavesdropping Process

The attacker sends a fraudulent connection request to the earbuds. Due to the improper authentication, the earbuds accept the attacker’s request. Once connected, the attacker can activate the earbuds’ microphone and listen to any sounds captured, such as conversations or ambient noise.

Detecting the Eavesdropping

The attack is designed to be silent. The victim may not notice any unusual activity, although a Bluetooth connection indicator might appear. Attackers could potentially disconnect and reconnect multiple times to extend listening periods.

Attack Difficulty

Executing this attack requires technical skill and specific hardware, making it difficult for casual individuals. However, it is feasible for a determined attacker in public or semi-public environments like coffee shops or offices, as demonstrated by researchers.

Who Discovered the Beats Studio Buds Flaw

Apple’s security advisory does not name the specific researchers or organization that discovered and reported the Beats Studio Buds vulnerability. This is a common practice for Apple, which sometimes credits researchers and sometimes does not.

What is known is that researchers demonstrated the vulnerability through end-to-end tests, creating a working proof of concept. It is likely they reported the flaw to Apple through its bug bounty program, which rewards researchers for finding and responsibly disclosing security issues.

Apple’s bug bounty program covers its products, including headphones, and encourages private reporting to allow for fixes before exploitation.

The absence of named researchers means direct follow-up is not possible. However, Apple’s quick response and high severity rating suggest the researchers provided clear evidence of the risk.

Apple’s Fix and How to Check Your Beats Studio Buds Firmware

Apple has released Beats Firmware Update 1B211 to address the vulnerability. This update is delivered over-the-air, downloading automatically when the earbuds are paired with an internet-connected iPhone, iPad, or Mac within Bluetooth range.

There is no manual option to force the update. It occurs in the background when the earbuds are connected to an Apple device with internet access, typically while in their charging case and near the paired device.

To verify if the update is installed, users can check the firmware version:

  • On an iPhone or iPad: Go to Settings > Bluetooth. Tap the ‘i’ icon next to Beats Studio Buds. Check the Firmware Version.
  • On a Mac: Go to System Settings > Bluetooth. Find Beats Studio Buds and click the info button. The firmware version will be listed.

The firmware version should be 1B211. If it is lower, ensure your earbuds are paired with an internet-connected Apple device, placed in their charging case, and kept near the device. The update should install within a few hours.
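
For anyone tracking more than one pair of earbuds, the "lower than 1B211" check can be scripted. The following is an added example, not code from Apple or from the original report: it assumes firmware strings follow a number-letter-number pattern and are ordered field by field, and the device names and inventory are constructed for illustration.

```python
import re

FIXED_BUILD = "1B211"  # fixed firmware version named in the article

# Assumption: a firmware string is <major number><letter><build number>,
# and versions are ordered by those three fields in turn.
_BUILD_RE = re.compile(r"^(\d+)([A-Z])(\d+)$")


def parse_build(build):
    """Split a firmware string such as '1B211' into a sortable tuple."""
    match = _BUILD_RE.match(build.strip())
    if not match:
        raise ValueError(f"unrecognised firmware string: {build!r}")
    major, letter, number = match.groups()
    return (int(major), letter, int(number))


def is_patched(build, fixed=FIXED_BUILD):
    """True if `build` is at or above the fixed version."""
    return parse_build(build) >= parse_build(fixed)


def audit(inventory):
    """Return (device, firmware, status) for each inventory entry."""
    results = []
    for device, firmware in inventory:
        try:
            status = "patched" if is_patched(firmware) else "needs update"
        except ValueError:
            status = "unknown"  # version unreadable: check on the device
        results.append((device, firmware, status))
    return results


# Constructed inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = [
    ("buds-frontdesk", "1B211"),
    ("buds-lab", "1B99"),     # a plain string compare ranks this above 1B211
    ("buds-exec", "1A338"),
    ("buds-newer", "10A12"),  # a plain string compare ranks this below 1B211
    ("buds-unread", ""),
]

if __name__ == "__main__":
    for device, firmware, status in audit(SAMPLE_INVENTORY):
        print(f"{device:15} {firmware or '-':8} {status}")
```

Comparing the raw strings instead of the parsed fields would misclassify both `1B99` and `10A12`, which is why the version is split before comparison.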

Apple does not provide a notification for firmware updates; users must manually
