Apple has released a firmware update for its Beats Studio Buds wireless earbuds to address a high-severity security vulnerability that could allow nearby attackers to secretly access a device’s microphone and eavesdrop on users.
The flaw, tracked as CVE-2025-20701 and assigned a CVSS score of 8.8, affects the Airoha Bluetooth audio software development kit (SDK) used in the earbuds. The vulnerability could enable unauthorized Bluetooth pairing without the owner’s consent, potentially exposing sensitive audio communications.
The issue has been fixed in Beats Firmware Update 1B211.
Vulnerability Could Allow Unauthorized Bluetooth Pairing
According to Apple’s security advisory, the flaw stems from an authorization weakness within the Bluetooth pairing process.
An attacker within Bluetooth range could exploit the vulnerability to establish a connection with a vulnerable device before it has been paired, allowing unauthorized access to the microphone.
Apple warned that:
“An attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests.”
Notably, successful exploitation requires no user interaction and does not depend on additional privileges, making the vulnerability particularly concerning in public environments such as airports, offices, hotels, or conference venues.
Researchers Previously Exposed Multiple Airoha Bluetooth Flaws
The vulnerability was first disclosed in June 2025 by security researchers Dennis Heinze and Frieder Steinmetz of ERNW GmbH during the TROOPERS security conference in Germany.
The researchers identified three vulnerabilities affecting Airoha system-on-chip (SoC) platforms:
- CVE-2025-20700
- CVE-2025-20701
- CVE-2025-20702
Their research revealed that attackers could potentially gain extensive control over affected Bluetooth audio devices without requiring authentication or prior pairing.
According to the researchers, the flaws can be exploited through both:
- Bluetooth BR/EDR (Basic Rate/Enhanced Data Rate)
- Bluetooth Low Energy (BLE)
The only requirement is physical proximity within Bluetooth range.
Full Device Takeover Scenarios
Researchers warned that the vulnerabilities could enable attackers to:
- Read and modify device memory
- Access firmware stored in flash memory
- Hijack trusted Bluetooth relationships
- Impersonate previously paired devices
- Deploy malicious firmware modifications
- Potentially intercept audio communications
These capabilities create opportunities for advanced attacks that extend far beyond simple eavesdropping.
Security experts noted that compromised headphones could potentially become a bridge into a user’s broader device ecosystem, including smartphones and other connected devices.
Apple Issues Firmware Fix
Apple has addressed CVE-2025-20701 through Beats Firmware Update 1B211, reducing the risk of unauthorized pairing and microphone access.
Users are strongly encouraged to ensure their Beats Studio Buds are running the latest firmware version.
Keeping Bluetooth devices updated remains one of the most effective defenses against emerging wireless threats.
Researchers Reveal New Unpatchable Exploit for Apple’s A12 and A13 Chips
In a separate development, cybersecurity firm Paradigm Shift disclosed a new SecureROM (BootROM) vulnerability affecting Apple’s A12 and A13 processors.
The company also released a proof-of-concept exploit dubbed usbliter8, which targets low-level hardware functionality within affected devices.
Unlike traditional software vulnerabilities, BootROM flaws reside in immutable code embedded directly into the chip during manufacturing. As a result, they cannot be fully patched through software updates.
How the usbliter8 Exploit Works
According to Paradigm Shift, the exploit combines:
- A hardware flaw in Apple’s USB controller
- A firmware configuration weakness
The vulnerability allows attackers to manipulate how USB packets are processed during data transfers.
Researchers discovered that specially crafted packets can trigger a buffer underflow condition, potentially enabling arbitrary code execution at one of the most privileged levels of the device.
Because the weakness exists in hardware-level functionality, software-based fixes offer limited protection.
Which Apple Chips Are Affected?
Research indicates the vulnerability affects the following chip generations:
Vulnerable:
- Apple A12
- Apple A13
Not vulnerable:
- Apple A11
- Apple A14 and newer generations
The researchers found that later-generation devices implement stronger protections through proper configuration of Apple’s DMA Address Remapping Table (DART), preventing practical exploitation.
Similarities to the Famous checkm8 Exploit
Security researchers have compared usbliter8 to checkm8, the landmark BootROM exploit that impacted Apple devices from the A5 through A11 chip generations.
Like checkm8, the new exploit targets immutable code that forms part of the device’s secure boot process.
Although the Secure Enclave Processor (SEP) is not directly compromised, researchers warn that successful exploitation could weaken overall device security and potentially expand attack opportunities against protected components.
Why BootROM Vulnerabilities Matter
BootROM is the first code executed when an Apple device powers on and serves as the foundation of the device’s chain of trust.
A successful attack at this level can undermine security protections that operate higher in the software stack.
While exploiting BootROM vulnerabilities typically requires physical access or specialized equipment, such flaws remain among the most serious security issues because they cannot be completely patched after a device leaves the factory.
Key Takeaway
Apple’s latest security updates highlight two growing areas of concern: Bluetooth device security and hardware-level vulnerabilities.
The Beats Studio Buds flaw demonstrates how wireless devices can become targets for nearby attackers, while the newly disclosed usbliter8 research shows that even modern Apple chips remain susceptible to sophisticated hardware exploitation techniques.
Users should update affected Beats devices immediately and remain aware that hardware-level vulnerabilities often require upgrading to newer hardware generations for complete protection.