Bluetooth Authentication Flaw in Beats Studio Buds (CVE‑2025‑20701) Could Turn Earbuds into a Wiretap
What Happened — A vulnerability in the Airoha system‑on‑chip used by Apple’s Beats Studio Buds (CVE‑2025‑20701) allowed an unauthenticated Bluetooth device in pairing mode to connect, extract pairing keys, and capture audio through the earbuds’ microphone. Apple issued firmware update 1B211, which is pushed automatically when the buds are near a paired iPhone, iPad or Mac.
Why It Matters for Compliance & Audit Readiness —
- The flaw highlights a control gap in device‑level authentication that SOC 2 audits expect to be mitigated, monitored, and evidenced (Security principle, CC6.1).
- Continuous proof that firmware patches are applied and that Bluetooth pairing controls remain compliant is essential for a defensible audit trail.
- Verisq’s Control Mapping capability can automatically map this Bluetooth authentication control to SOC 2 requirements and collect the remediation evidence you need for audit readiness.
Who Is Affected — Consumer‑electronics manufacturers, enterprises that provision Bluetooth audio to employees, and any organization that relies on Apple‑ecosystem devices for voice‑enabled workflows.
Recommended Actions — Verify that all Beats Studio Buds are running firmware 1B211 or later, record the patch status in your asset inventory, map the Bluetooth pairing control to SOC 2 CC6.1, and retain update logs as audit evidence. Source: https://www.malwarebytes.com/blog/bugs/2026/06/apple-patches-beats-studio-buds-flaw-that-could-turn-earbuds-into-a-wiretap
Technical Notes — The vulnerability resides in the Bluetooth authentication handshake of Airoha SoCs (CVE‑2025‑20701). Exploitation requires physical proximity, a device in pairing mode, and crafted Bluetooth packets. Successful abuse could expose microphone audio, pairing keys, contacts, and enable call hijacking or voice‑assistant activation. Source: same link