Apple has released Beats Firmware Update 1B211 to fix CVE-2025-20701, a high-severity Bluetooth flaw in Beats Studio Buds that could let nearby attackers eavesdrop on conversations. The issue affects the Airoha SoC and was disclosed by ERNW researchers Dennis Heinze and Frieder Steinmetz, with related vulnerabilities CVE-2025-20700 and CVE-2025-20702 also enabling deeper device compromise. #BeatsStudioBuds #CVE-2025-20701 #Airoha #ERNW #DennisHeinze #FriederSteinmetz
Keypoints
- Apple patched a Bluetooth flaw in Beats Studio Buds with firmware update 1B211.
- CVE-2025-20701 could let attackers in Bluetooth range listen through the microphone.
- The vulnerability was found in Airoha system-on-a-chip components.
- ERNW researchers demonstrated proof-of-concept attacks, including call interception and eavesdropping.
- Chaining the flaw with CVE-2025-20700 and CVE-2025-20702 could allow broader device control.