Apple has released a critical firmware update for its Beats Studio Buds to address a high-severity security vulnerability that could allow unauthorized individuals to eavesdrop on user audio. The flaw, tracked as [CVE-2025-20701](https://www.cve.org/CVERecord?id=CVE-2025-20701), permits attackers within Bluetooth range to impersonate previously paired devices and intercept microphone input.
How the Beats Studio Buds vulnerability works
The security flaw resides in the firmware governing the earbuds’ Bluetooth communication chips. According to [Apple’s official security advisory](https://support.apple.com/en-us/127557), the vulnerability stems from an improper authentication process. This weakness allows a nearby attacker to bypass standard pairing protocols. Once the connection is spoofed, the unauthorized party can potentially access the microphone of an unpaired device that is actively seeking a Bluetooth connection. This enables the attacker to listen to ambient sounds or conversations within the range of the device’s microphone.
How to update your Beats Studio Buds
Apple has addressed this issue with firmware version 1B211. Because Beats products do not have a manual “update” button, the software is pushed automatically. To trigger the update, ensure your Beats Studio Buds are in their charging case, connected to power, and within Bluetooth range of your iPhone, iPad, or Mac.
To verify your current firmware version:
- Open the Settings app on your connected iOS device.
- Select Bluetooth.
- Tap the Info (i) button next to your Beats Studio Buds in the device list.
- Scroll down to the About section to view the current firmware version.
Why this patch matters for Bluetooth security
This incident highlights the ongoing risks associated with “Man-in-the-Middle” (MitM) attacks on wireless peripherals. While Bluetooth technology has evolved significantly, vulnerabilities in the implementation of the pairing handshake remain a common target for researchers and malicious actors alike.
Compared to previous security patches for Apple hardware, this update is particularly notable because it targets the underlying firmware of the peripheral rather than the operating system of the host device. By patching the firmware directly on the earbuds, Apple prevents the exploitation of the authentication logic before it even reaches the smartphone or tablet. Users should prioritize this update, as similar Bluetooth-based exploits have historically been used to track or monitor users in high-traffic public areas like airports or cafes.
Key Takeaways
- Vulnerability: CVE-2025-20701 allows unauthorized audio eavesdropping via Bluetooth.
- Affected Model: Beats Studio Buds.
- The Fix: Firmware update 1B211.
- Action Required: Keep earbuds paired and near your Apple device to receive the automatic background update.
As of this week, there have been no reports of active, large-scale exploits involving this specific vulnerability in the wild, but the high-severity rating issued by Apple underscores the necessity of maintaining updated firmware for all wireless hardware.