Apple rolls out security update for headphones Beats Studio Buds. It follows the discovery of a vulnerability by security researchers Dennis Heinze and Frieder Steinmetz of ERNW. She had been revealed a year ago.
The flaw does not come directly from Apple. It is linked to a third-party component, the Airoha SoC used in many Bluetooth audio devices. The defect echoes a lack of authentication in the protocol Bluetooth BR/EDR (Basic Rate / Enhanced Data Rate).
How widespread was the threat?
The fault CVE-2025-20701 allowed ” an attacker within Bluetooth range to listen through the microphone of a device that is not yet paired and is actively looking for pairing requests “, explains Apple in its security advisory.
ERNW researchers demonstrated the feasibility of the attack with a proof of concept capable of initiating a call for listen to surrounding conversations. The only prerequisite is physical proximity.
The researchers warned that by combining this flaw with two other vulnerabilities (CVE-2025-20700 and CVE-2025-20702) affecting the same Airoha component, the possibilities expand considerably, up to taking control of the headphones via Bluetooth, without requiring any authentication.
Risks with the software supply chain
In version 1B211the Beats Studio Buds firmware update is deployed automatically when the headphones are connected to an iPhone, iPad or Mac and within Bluetooth range. It is possible to check the firmware version in the device’s Bluetooth settings.
The fix by Apple follows similar fixes released by other manufacturers several months ago. However, researchers believe that real attacks are complex to carry out. A priori, they would, if necessary, target high-value targets. A general recommendation remains to turn off Bluetooth when not in use.
Apple emphasizes that the vulnerability comes from open source code, and that Apple Software is among the affected projects. A further demonstration of the complexity of the supply chain.
