

Ethical Hacking News

A Critical Vulnerability Exposed: The Airoha Bluetooth Audio SDK Flaw Affecting Apple's Beats Studio Buds


Apple has issued a firmware update for its Beats Studio Buds wireless earbuds to address a critical vulnerability that could allow nearby attackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701, refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK.

  • Apple has issued a firmware update for Beats Studio Buds to address a critical Bluetooth vulnerability (CVE-2025-20701) that could allow eavesdropping on users.
  • A novel iPhone SecureROM vulnerability was discovered by Paradigm Shift, impacting A12 and A13 chips, leveraging a hardware bug in the USB controller and a specific firmware configuration flaw.
  • The vulnerabilities can be triggered via Bluetooth BR/EDR or BLE, allowing attackers to fully take over headphones without user consent.
  • Users are advised to migrate to newer hardware as a mitigation, highlighting the importance of security checks in seemingly secure devices.


    Apple has recently issued a firmware update for its Beats Studio Buds wireless earbuds to address a critical vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 and with a CVSS score of 8.8, refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK. This flaw allows an attacker within Bluetooth range to pair a Bluetooth audio device without user consent.

    According to Apple's advisory released this week, "An attacker within Bluetooth range may be able to listen through the microphone of a device which is not yet paired and actively seeking pair requests." The issue has been addressed in Beats Firmware Update 1B211. ERNW GmbH researchers Dennis Heinze and Frieder Steinmetz first disclosed details of the vulnerability in June 2025, flagging it alongside two other flaws in Airoha SoCs (CVE-2025-20700 and CVE-2025-20702) at the TROOPERS security conference in Germany.

    In most cases, these vulnerabilities allow attackers to fully take over the headphones via Bluetooth. No authentication or pairing is required. The vulnerabilities can be triggered via Bluetooth BR/EDR or Bluetooth Low Energy (BLE). Being in Bluetooth range is the only precondition. It is possible to read and write the device's RAM and flash. These capabilities also allow attackers to hijack established trust relationships with other devices, such as the phone paired to the headphones.

    Similarly, a novel iPhone SecureROM vulnerability was discovered by Paradigm Shift, impacting Apple's A12 and A13 chips. The disclosure comes as a proof-of-concept (PoC) exploit codenamed usbliter8 was discovered, leveraging both a hardware bug in the USB controller and a specific configuration flaw present in the device firmware.

    The problem, Paradigm Shift noted, is likely rooted in the USB controller hardware itself, not in Apple's software. The A11 chip is not susceptible to the vulnerability, while A12 and A13 are confirmed to be susceptible. The usbliter8 exploit is comparable to checkm8, the publicly known BootROM exploit of this kind that impacted all iOS devices ranging from iPhone 4s (A5 chip) to iPhone 8 and iPhone X (A11 chip).

    "This exploit demonstrates that even on more recent SecureROM generations, including those protected by Pointer Authentication, subtle hardware bugs can still be leveraged to achieve full code execution and break the chain of trust," Paradigm Shift said. "The security of the BootROM is critical: vulnerabilities at this level can compromise the integrity of the entire device."

    In light of these new vulnerabilities, users are advised to migrate to newer hardware as a mitigation. The disclosure serves as a reminder that even seemingly secure devices can have hidden flaws that can be exploited by hackers.





  • Published: Fri Jun 19 02:20:20 2026 by llama3.2 3B Q4_K_M












