Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users

Apple has released a security update to patch a Beats Studio Buds flaw that let nearby hackers listen to conversations through the microphone.

Apple has fixed a flaw in its Beats Studio Buds wireless headphones that allowed hackers to use the built-in microphone to listen to your private conversations without your knowledge.

According to Apple’s official advisory, the issue is tracked as CVE-2025-20701 and was identified by researchers Dennis Heinze and Frieder Steinmetz from the security firm ERNW GmbH.

Heinze and Steinmetz discovered that the bug exists in the open-source code of a system called the Airoha Bluetooth audio SDK. This system helps run the earbuds, and the issue occurs when the headphones are turned on but aren’t connected to a phone or computer.

Vulnerability Explained

In this state, the earbuds look for a new connection. That’s when any hacker in proximity can strike. All they have to do is link to the device, and this doesn’t even need the user’s permission. The software cannot check or verify who is connecting, so the hacker can easily eavesdrop on your conversations.

However, this trick has some prerequisites: for example, the hacker must be within standard Bluetooth range, about 10 metres. During the testing phase, researchers chained this bug with two other flaws.

The first issue, CVE-2025-20700, allows an unauthenticated attacker to connect to the earbuds using Bluetooth Low Energy, whereas the second issue, CVE-2025-20702, helps them evade security and access internal management settings.

Combining them allowed researchers to use the Bluetooth Hands-Free Profile feature to look at call histories or contact lists and to dial numbers. However, the research shows that real attacks are very hard to carry out because they require expert skills and physical closeness to the person.

How to Get the Update

Apple fixed the bug on 16 June by releasing Beats Firmware Update 1B211. You don’t need to click anything to install this fix as the earbuds update by themselves when they are in their charging case, plugged into power, and placed near an iPhone, iPad, or Mac with Bluetooth turned on. Android users need to get the patch through the official Beats app.

You can also confirm whether your earbuds are updated. Just open the Bluetooth settings and check the version number. Consider the patch active if the version is 1B211. However, it is still a good idea to turn off Bluetooth when not in use to keep your devices safe.

Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage.