Apple has released a critical security update for its Beats Studio Buds to patch a Bluetooth vulnerability, identified as CVE-2025-20701, which could allow unauthorized users to intercept audio or eavesdrop on nearby conversations. According to Ars Technica, the vulnerability stems from faulty Bluetooth implementation in chips manufactured by Airoha Systems, potentially affecting other audio brands including Jabra, Bose, and JBL.
How does this Bluetooth vulnerability work?
The security flaw allows an attacker within Bluetooth range to connect to a pair of headphones that are not currently paired but are actively searching for a connection. As detailed by Apple, this exploit enables an unauthorized user to utilize the microphone of the target device to listen to surrounding audio. While the exploit requires the attacker to be physically near the victim, it creates significant privacy risks in public spaces, offices, or shared living environments where Bluetooth signals can traverse walls or partitions.
Bluetooth vulnerabilities often stem from the “pairing discovery” phase. When devices are in search mode, they broadcast identifiers that, if improperly secured by the chipset firmware, can be exploited to force a connection without the user’s explicit authorization.
How to update your Beats Studio Buds
Users can verify their security status by checking the firmware version of their Beats Studio Buds within the iOS Settings menu. Navigate to the Bluetooth section, tap the “i” icon next to your device name, and scroll to the “About” section. If your device is running firmware version “1B211,” it is protected against this specific exploit. To trigger an update, Apple recommends placing the earbuds in their charging case, connecting them to a power source, and keeping them in proximity to an iPhone for at least 30 minutes.
Are other audio brands at risk?
The security risk extends beyond Apple products because the underlying hardware component—the Airoha Systems Bluetooth chip—is a common industry standard. Unlike software-based vulnerabilities that are unique to a single operating system, hardware-level flaws can impact any manufacturer utilizing the same integrated circuit. Experts suggest that owners of Jabra, Bose, and JBL devices should proactively check for companion app updates. Manufacturers often bundle these security patches into firmware updates delivered through proprietary mobile applications.
If you aren’t actively trying to pair your headphones with a new device, disable Bluetooth on your phone or keep your headphones stored in their case. This limits the “discovery” window that attackers need to initiate a connection.
Frequently Asked Questions
Can an attacker access my data through this Bluetooth bug?
No. According to the vulnerability reports, the exploit is limited to microphone access. It does not provide access to files, photos, or personal data stored on your connected smartphone.
Do I need to update my headphones if I only use them with an Android phone?
Yes. The firmware resides on the headphones themselves. If you do not have an Apple device to trigger the update, check the manufacturer’s support website for instructions on how to use their dedicated Android app to apply the latest firmware.
Is this vulnerability still a threat?
It remains a threat only for devices that have not been updated. Once the 1B211 firmware (or later) is installed, the specific path for this exploit is closed.
Have you updated your audio gear recently? Check your firmware settings today to ensure your privacy is protected. For more tech security updates, subscribe to our weekly newsletter or join the conversation in the comments section below.
