Apple just updated the Beats Studio Buds to fix a major Bluetooth security flaw

Apple’s Beats Studio Buds 2021 wireless earbuds are receiving a new firmware update, which addresses a major security vulnerability related to their Bluetooth connectivity. According to the company, this vulnerability could potentially allow an attacker to listen using the microphones built into the headphones. The update began rolling out on June 16 and brings the firmware for these wireless earbuds to version 1B211.

Although Apple mentions that the security vulnerability is part of “open source code”, which affects the company’s software. However, more specifically, the vulnerability, dubbed CVE-2025-20701, is part of the Airoha Bluetooth audio SDK. Apple is likely using this SDK for the Beats Studio Buds firmware, as these earbuds leverage the MT2821A, which is a low-power Bluetooth audio chip developed by MediaTek-owned Airoha. CVE-2025-20701 can be exploited when Beats headphones are unpaired and actively searching for devices to pair. However, for this to work, the attacker must be within Bluetooth range.

The CVE-2025-20701 vulnerability was discovered by researchers at a cybersecurity company, ERNW, and first reported in June 2025, with further disclosure in December of the same year. It allows an attacker within Bluetooth range to connect to a victim’s headphones without their consent, then use the connection to establish two-way audio connections. These connections can then be used to listen to audio captured by the earphone microphones or send audio for playback, among other things. Researchers rated the vulnerability as non-critical and added that it required highly technical skills to establish an unauthorized connection, according to a report from Bleeping Computer.

Apple, however, only mentions the eavesdropping aspect in its Beats Studio Buds security bulletin. More importantly, the Beats Studio Buds aren’t the only pair of wireless earbuds affected, and earbuds from Sony, Bose, JBL, Marshall, Jabra, and others using the same chip are also believed to be affected, and many have already been repaired. Apple also released new firmware 8B41 for the AirPods Pro 2 and AirPods Pro 3, but it doesn’t include the fix for CVE-2025-20701 because those leverage Apple’s proprietary audio silicon.

Beats Studio Buds firmware updates are automatically delivered when your earbuds are actively paired with an Apple device (such as an iPhone or Mac), charging or fully charged, and placed in the case with the lid closed. Depending on your Internet connection, the firmware update may take up to 30 minutes. If you’re using Beats Studio Buds with an Android device, make sure the earbuds are turned on and paired with the device, then open the Beats app. If an update is available, you will see the Update button in the app; press it to trigger the process.

You can confirm the update by checking the firmware version of your Beats Studio Buds. You can find it by going to your iPhone or iPad’s settings and tapping the name of your headphones at the top of the menu. Next, go to About and view the firmware version in a section called Under the Hood.