Apple Just Updated The Beats Studio Buds To Fix A Major Bluetooth Security Flaw

Apple's 2021 Beats Studio Buds wireless headphones are receiving a new firmware update, which patches a major security vulnerability related to their Bluetooth connectivity. The vulnerability, according to the company, could potentially allow an attacker to listen in using the microphones built into the earbuds. The update started rolling out on June 16 and takes the firmware of these wireless earbuds to version 1B211.

Although Apple mentions the security vulnerability to be a part of "open source code," which affects the company's software. However, more accurately, the vulnerability, which is dubbed CVE-2025-20701, is part of the Airoha Bluetooth audio SDK. Apple likely uses this SDK for the Beats Studio Buds firmware because these earbuds leverage the MT2821A, which is a low-power Bluetooth audio chip developed by MediaTek-owned Airoha. CVE-2025-20701 can be exploited when the Beats headphones aren't paired and actively looking for devices for pairing. However, for it to work, the attacker would need to be in Bluetooth range.

The CVE-2025-20701 vulnerability was discovered by researchers at a cybersecurity company, ERNW, and first reported back in June 2025, with more disclosure in December of the same year. It allows an attacker in Bluetooth range to connect to a victim's earbuds without their consent and then use the connection to establish two-way audio connections. These connections can then be used to listen in to the audio being captured by the earbuds' microphones or send audio for playback, among other things. The researchers called the vulnerability non-critical and added that it required highly technical skills to make the unauthorized connection, according to a report by Bleeping Computer.

Apple, however, only mentions the eavesdropping aspect in its security bulletin for Beats Studio Buds. More importantly, the Beats Studio Buds aren't the only pair of wireless earbuds impacted by this, and headphones from Sony, Bose, JBL, Marshall, Jabra, and others using the same chip are also said to be affected, and many have already been fixed. Apple also released new 8B41 firmware for AirPods Pro 2 and AirPods Pro 3, but it doesn't include the patch for CVE-2025-20701, as these leverage Apple's proprietary audio silicon.

The Beats Studio Buds firmware updates are automatically delivered while your headphones are actively paired with an Apple device (such as an iPhone or Mac), charging or fully charged, and placed in the case with the lid closed. Depending on your internet connection, it can take up to 30 minutes for the firmware update to complete. If you're using the Beats Studio Buds with an Android device, make sure the earbuds are turned on and paired with the device, and then open the Beats app. If an update is available, you'll see the Update button in the app; tap it to trigger the process.

You can confirm the update by checking the firmware version of your Beats Studio Buds. You can find it by going to Settings on your iPhone or iPad and tapping on the name of your earbuds at the top of the menu. Then, navigate to About and look at the firmware version in a section called Under the Hood.