HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Bluetooth Authentication Flaw in Beats Studio Buds (CVE-2025-20701) Enables Potential Wiretap

A Bluetooth authentication vulnerability (CVE‑2025‑20701) in Beats Studio Buds could allow nearby attackers to capture audio and extract pairing keys. Apple has released firmware 1B211 to patch the issue. The flaw underscores the need for continuous control monitoring and audit evidence for SOC 2 compliance.

LiveThreat™ Intelligence · 📅 June 20, 2026· 📰 malwarebytes.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
malwarebytes.com

Bluetooth Authentication Flaw in Beats Studio Buds (CVE‑2025‑20701) Could Turn Earbuds into a Wiretap

What Happened — A vulnerability in the Airoha system‑on‑chip used by Apple’s Beats Studio Buds (CVE‑2025‑20701) allowed an unauthenticated Bluetooth device in pairing mode to connect, extract pairing keys, and capture audio through the earbuds’ microphone. Apple issued firmware update 1B211, which is pushed automatically when the buds are near a paired iPhone, iPad or Mac.

Why It Matters for Compliance & Audit Readiness

  • The flaw highlights a control gap in device‑level authentication that SOC 2 audits expect to be mitigated, monitored, and evidenced (Security principle, CC6.1).
  • Continuous proof that firmware patches are applied and that Bluetooth pairing controls remain compliant is essential for a defensible audit trail.
  • Verisq’s Control Mapping capability can automatically map this Bluetooth authentication control to SOC 2 requirements and collect the remediation evidence you need for audit readiness.

Who Is Affected — Consumer‑electronics manufacturers, enterprises that provision Bluetooth audio to employees, and any organization that relies on Apple‑ecosystem devices for voice‑enabled workflows.

Recommended Actions — Verify that all Beats Studio Buds are running firmware 1B211 or later, record the patch status in your asset inventory, map the Bluetooth pairing control to SOC 2 CC6.1, and retain update logs as audit evidence. Source: https://www.malwarebytes.com/blog/bugs/2026/06/apple-patches-beats-studio-buds-flaw-that-could-turn-earbuds-into-a-wiretap

Technical Notes — The vulnerability resides in the Bluetooth authentication handshake of Airoha SoCs (CVE‑2025‑20701). Exploitation requires physical proximity, a device in pairing mode, and crafted Bluetooth packets. Successful abuse could expose microphone audio, pairing keys, contacts, and enable call hijacking or voice‑assistant activation. Source: same link

📰 Original Source
https://www.malwarebytes.com/blog/bugs/2026/06/apple-patches-beats-studio-buds-flaw-that-could-turn-earbuds-into-a-wiretap

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →