HackMyIP
2026-06-19 The Hacker News

Apple Patches Beats Studio Buds Bluetooth Spy Flaw as Unpatchable A12/A13 Exploit Emerges

Vulnerability | Zero-Day | Privacy

Apple has released a firmware update for its Beats Studio Buds wireless earbuds to remediate a high-severity Bluetooth vulnerability, tracked as CVE-2025-20701, that allowed nearby attackers to silently activate the device's microphone without user consent. The flaw, which carries a CVSS score of 8.8, stems from an incorrect authorization issue in the Airoha Bluetooth audio SDK and permits a malicious actor within Bluetooth range to pair with an unpaired device that is seeking connection requests and eavesdrop on its surroundings. Apple addressed the issue in Beats Firmware Update 1B211, and Jabra issued similar patches for its own affected products in December 2025.

The vulnerability was first disclosed in June 2025 by ERNW GmbH researchers Dennis Heinze and Frieder Steinmetz at the TROOPERS security conference in Germany, alongside two related flaws in Airoha SoCs (CVE-2025-20700 and CVE-2025-20702). According to the researchers, the vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE) without any authentication or pairing, enabling attackers to read and write device RAM and flash memory. "In most cases, these vulnerabilities allow attackers to fully take over the headphones via Bluetooth," the researchers noted, adding that the capabilities also allow hijacking of established trust relationships with paired devices such as a user's smartphone. Users concerned about their broader device exposure can run a privacy checkup to audit their network and connection posture.

In a separate disclosure, European cybersecurity firm Paradigm Shift revealed a novel iPhone SecureROM (BootROM) vulnerability, dubbed "usbliter8," affecting Apple's A12 and A13 chips. The exploit combines a hardware bug in the USB controller with a specific firmware configuration flaw, allowing an attacker to trigger a buffer underflow primitive during data transfer and inject malicious code for execution. Because the vulnerability resides in immutable boot ROM code, it cannot be patched through software updates, leaving affected users with no option but to migrate to newer hardware. The A11 chip is not affected, and the issue is believed to be rooted in the USB controller hardware itself rather than Apple's software stack.

Together, the two disclosures underscore the widening attack surface across Apple's ecosystem, from consumer peripherals to the silicon underpinning its mobile devices. With Bluetooth-based attacks requiring only physical proximity, users should verify that all wearable devices are running the latest firmware and minimize the time their devices spend in discoverable or pairable mode. Security teams monitoring for signs of compromise can use a port scanner to audit connected endpoints and detect unexpected open services that could indicate unauthorized access attempts on their networks.

Source: The Hacker News
