Overview
- Apple issued firmware 1B211 for Beats Studio Buds to close a vulnerability that could let an attacker in Bluetooth range access the earbuds' microphone.
- The flaw applied only when Studio Buds were not paired and were actively accepting pairing requests, which narrowed the real-world attack window.
- The bug traces to open-source Bluetooth code and is tracked as CVE-2025-20701, credited to ERNW researchers Dennis Heinze and Frieder Steinmetz.
- Users receive the fix automatically when Studio Buds are paired, placed in their charging case, and kept in Bluetooth range of an iPhone, iPad, or Mac. Android users can update via the Beats app. There is no supported manual 'update now' option.
- Owners should check their Bluetooth settings to confirm firmware 1B211 is installed, and keep the earbuds paired and charging until the update appears. The same open-source flaw could affect other devices if not patched.