Hackers Could Listen Through Your Earbuds, Apple Just Patched One Brand
A Bluetooth flaw in a chip used by dozens of audio brands lets attackers eavesdrop nearby
Apple shipped a fix for Beats Studio Buds this week — but the same chip is inside earbuds from many other companies
A new bluetooth earbuds vulnerability made the rounds this week, and the headline is genuinely uncomfortable: a nearby attacker could listen through your earbuds’ microphone without ever touching them. Have you ever left your earbuds out of their case, lying on a desk, still searching for a pairing? That’s when the attack works.
On June 18, Apple released a firmware update for its Beats Studio Buds to patch the issue, which is tracked as CVE-2025-20701. The patch matters, but the bigger story is what it implies. The flaw lives in a Bluetooth chip made by Airoha, a subsidiary of MediaTek, that’s used in wireless earbuds from many other brands too. Apple patched one product. The chip itself ships in countless others.
Here’s what the vulnerability actually does, who’s at real risk, and the practical steps to take if you own wireless earbuds — even ones Apple didn’t make.
An attacker within Bluetooth range
could listen through a device’s microphone before it’s even paired
Incorrect authorization flaw
typical Bluetooth range
across major audio brands
read RAM, even dial out
The flaw is in a chip, not just in Apple’s product
The causeThe vulnerability sits in the Airoha Bluetooth audio SDK — software running on chips made by Airoha, a MediaTek subsidiary. These chips are widely used across the true wireless stereo (TWS) earbud market, supplied to many audio brands rather than just one. Apple’s Beats Studio Buds happen to be one product affected; they’re not the only product on the market that uses Airoha silicon.
Researchers Dennis Heinze and Frieder Steinmetz of the German cybersecurity firm ERNW originally disclosed the flaw, along with two related issues, at the TROOPERS security conference in 2025. The CVE was formally assigned, and Apple’s June 18 advisory finally pushed a fix to its Beats line. Beats Firmware Update 1B211 is the patched version.
For owners of earbuds from other brands using the same chip, the situation depends on how quickly each manufacturer ships its own firmware update. The fix is technically straightforward — but only after a vendor publishes and pushes it.
If you own a recent pair of wireless earbuds, search the manufacturer’s support site for “Airoha” or “CVE-2025-20701” to see whether your product is affected and whether a firmware update has been issued.
The attack works without pairing, password, or warning
How it worksThe flaw is technically described as a missing authentication weakness in the Bluetooth BR/EDR radio. In practical terms, an attacker within Bluetooth range can connect to a vulnerable pair of earbuds while they’re actively searching for a pairing, without needing the owner’s password, PIN, or any prior link. Once connected, the attacker can access audio-related services — including the microphone.
This works because the chip mishandles authentication during the pairing handshake. ERNW’s published demonstrations showed attackers initiating calls, eavesdropping on nearby conversations, retrieving call history, and even reading the device’s memory after chaining together the related CVEs (CVE-2025-20700 and CVE-2025-20702).
The realistic attacker profile is someone with specialized knowledge, custom tooling, and physical proximity — not a casual hacker on a coffee shop Wi-Fi. But the researchers explicitly noted that the flaws pose a real risk to high-value targets like journalists, executives, government officials, and anyone who routinely discusses sensitive information near a pair of unpatched earbuds.
The exposure window is when earbuds are out of the case and actively seeking a pairing partner. Keeping them in the charging case when not in use is a simple, effective reduction of the attack surface.
Apple’s fix is automatic, but only if you do this
Practical stepsFor Beats Studio Buds owners specifically, the fix is Beats Firmware Update 1B211, and it ships automatically over Bluetooth when the earbuds are paired with — and within Bluetooth range of — an updated iPhone, iPad, or Mac. You don’t need to manually trigger anything, but you do need to actually use your earbuds with a paired Apple device for the update to install.
To verify the patch is installed, go to Bluetooth settings on your iPhone or iPad (or System Settings → Bluetooth on a Mac), tap the info button next to your Beats Studio Buds, and check the firmware version. If it doesn’t show 1B211, put the earbuds in their case, place the case on a charger, and keep the paired Apple device nearby. The update typically completes in the background within a few hours.
If you’ve been using your Beats Studio Buds only with non-Apple devices, the firmware push may not have reached them. Pairing them once to an updated iPhone or Mac is the simplest way to get the patch delivered.
Check the firmware version in Bluetooth settings. Anything below 1B211 means the patch hasn’t installed yet. Charge in case, keep an Apple device nearby, and wait for the auto-update.
The bigger issue is supply chain transparency
What it revealsThe deeper story isn’t really about one set of earbuds. It’s about the fact that most consumers have no way to know what chip is inside their wireless audio devices, who supplied it, or how quickly the brand they bought from will respond when a flaw is found in that supplier’s silicon.
Airoha chips are a widely-used standard in budget and mid-tier TWS earbuds. A vulnerability in their SDK potentially affects products from many brands, but tracking down which exact models are vulnerable, and which have shipped patches, requires technical knowledge most buyers don’t have. There’s no centralized registry, no consumer-friendly dashboard, no automatic warning.
This pattern — one vulnerable component, dozens or hundreds of affected products, patches that arrive at different speeds — is becoming the default in consumer electronics security. Bluetooth, smart home devices, and even some smart appliances all share the same structural problem.
Before buying wireless earbuds in the future, look for brands that publish security advisories and ship firmware updates routinely. It’s not glamorous, but it’s the single most predictive sign of how a vendor will handle the next disclosed flaw.
ERNW researchers disclose the flaw
Dennis Heinze and Frieder Steinmetz of ERNW GmbH present three related Bluetooth vulnerabilities in Airoha SoCs at the TROOPERS security conference in Germany.
Testing toolkit goes public
Researchers publish a testing toolkit and technical documentation, demonstrating how affected devices could be impersonated, used to trigger voice assistants, and abused for eavesdropping.
Apple ships Beats Firmware Update 1B211
Apple’s advisory confirms an attacker within Bluetooth range could listen through the microphone of a Beats Studio Buds device actively searching for pairing. Patch rolls out automatically via paired Apple devices.
Other vendors still under review
The same Airoha SDK ships in many other earbud brands. Each manufacturer is on its own timeline to ship a fix; some have, many haven’t issued public updates yet.
Wireless earbuds are a textbook example of how the modern consumer electronics supply chain hides risk. A buyer looks at a brand name, a logo, and a price tag. The actual silicon inside — the part most likely to have security flaws — is sourced from a small number of upstream suppliers most consumers have never heard of. When a flaw appears in that supplier’s code, every downstream brand inherits the problem, but each brand patches at its own speed.
This Bluetooth earbuds vulnerability is a relatively benign case. The realistic threat model is high-value targeted attacks rather than mass exploitation, and the patch is genuinely available for at least one major affected product. But the structural pattern — one vulnerable chip, many affected products, fragmented patching — is the same one that’s caused much bigger problems in IoT devices, smart cameras, and connected appliances over the past decade.
The reasonable consumer response isn’t paranoia. It’s a habit shift: keep earbuds in their case when unused, register your devices for firmware updates, and learn which brands actually publish security advisories versus which silently ignore them. The brands that publish are not necessarily the most popular ones — but they’re consistently the ones that ship patches when problems are found.