Full Report
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), is an incorrect authorization flaw in the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio device without user consent.
Analysis Summary
# Vulnerability: Unauthorized Bluetooth Pairing in Beats Studio Buds (Airoha SDK)
## CVE Details
- **CVE ID:** CVE-2025-20701
- **CVSS Score:** 8.8 (High)
- **CWE:** CWE-285 (Incorrect Authorization) / CWE-863 (Incorrect Authorization)
## Affected Systems
- **Products:** Beats Studio Buds (utilizing Airoha Bluetooth audio SDK).
- **Versions:** Firmware versions prior to 10M11039.
- **Configurations:** Devices within Bluetooth range of an attacker.
## Vulnerability Description
The flaw originates from an incorrect authorization mechanism within the Airoha Bluetooth audio SDK. It allows an attacker in physical proximity (within Bluetooth range) to bypass standard pairing protocols. Specifically, the flaw enables the unauthorized pairing of a Bluetooth audio device without the explicit consent or interaction of the user, effectively hijacking the audio stream.
## Exploitation
- **Status:** Not reported as exploited in the wild at this time.
- **Complexity:** Low (requires proximity but no user interaction).
- **Attack Vector:** Adjacent (Bluetooth range).
## Impact
- **Confidentiality:** High (Attacker can eavesdrop on private conversations and audio).
- **Integrity:** Medium (Attacker may be able to inject audio/voice commands).
- **Availability:** Low (Potential to disrupt legitimate connection).
## Remediation
### Patches
- **Beats Studio Buds:** Update firmware to version **10M11039** or later.
- *Note: Firmware updates for Beats earbuds typically occur automatically when the earbuds are connected to an iOS or macOS device via Bluetooth.*
### Workarounds
- **Physical Security:** Disconnect or unpair devices when in high-risk, public environments until the firmware is updated.
- **Bluetooth Management:** Ensure connected host devices (iPhones/Androids) are running the latest OS versions to facilitate the delivery of the firmware patch.
## Detection
- **Indicators of compromise:** Unusual or unrecognized Bluetooth devices appearing as "paired" or "connected" in the smartphone's Bluetooth settings.
- **Detection methods:** Users should manually verify their current firmware version in the "Bluetooth" info settings on their mobile device to ensure they are on version 10M11039 or higher.