Apple has pushed a firmware fix for Beats Studio Buds after researchers found a serious Bluetooth bug that could let someone nearby impersonate a previously paired device and tap into microphone audio. The flaw, tracked as CVE-2025-20701 and rated 8.8 out of 10, turned what should have been trusted Bluetooth handshakes into a convenient invitation for eavesdropping.

The update arrives as the Bluetooth accessory market keeps running into the same problem: once a wireless feature is designed to be frictionless, attackers start looking for places where trust is assumed instead of verified. Apple says the fix is now bundled into Beats Firmware Update 1B211, which installs automatically when the headphones connect to an iPhone, iPad, or Mac.

What the Beats Studio Buds Bluetooth bug allowed

The flaw lived in Bluetooth chipset firmware and came down to weak authentication. In practice, that meant an attacker within Bluetooth range could spoof an already paired device and, under the right conditions, intercept audio from the earbuds’ microphone. Researchers showed the attack working when the earbuds were in search or waiting-for-connection mode, which is exactly the sort of sleepy state users do not think about until it is too late.

That is the uncomfortable part: the attacker does not need to reach the target over the internet, only to stand nearby. This class of bug is much harder to exploit at scale than a phishing campaign, but it is also more intimate, because the threat sits in the same room.

How to check the Beats Studio Buds firmware version

Apple says the firmware update is delivered automatically once the headphones are connected to compatible Apple devices. Users can verify the installed version in Bluetooth settings, which is the unglamorous but effective way to see whether the patch has landed.

  • Firmware: Beats Firmware Update 1B211
  • Devices: Beats Studio Buds
  • Update path: automatic after connection to iPhone, iPad, or Mac
  • Check: Bluetooth settings

A broader Bluetooth cleanup

The issue is part of a wider wave of Bluetooth chipset problems tied to Airoha Systems hardware. After researchers Dennis Heinze and Frieder Steinmetz disclosed the findings, manufacturers started shipping fixes at speed, with Jabra among the first named publicly and reports also pointing to updates for Bose and JBL.

There is a familiar pattern here: one chipmaker’s bug becomes a whole-industry patch cycle. That is not unusual in consumer audio, where many brands buy the same underlying components, and it explains why a single research disclosure can ripple through products from Sony, Nothing, JBL, OnePlus, and Google too.

Why security teams still tell people to turn Bluetooth off

Researchers say the more advanced attacks still require close physical proximity and serious technical skill, which is why mass abuse has not been seen. But the advice from security specialists is boring for a reason: if you are not using Bluetooth, switch it off. It shrinks the attack surface, and unlike a firmware patch, it does not depend on anyone else getting around to doing their part.

The bigger question is whether accessory makers will keep treating Bluetooth security as a maintenance task or start treating it like a headline feature. Given how often these flaws keep showing up, my money is on more patches before the industry finds a cleaner answer.

Source: Ixbt
