Two distinct Apple hardware-layer vulnerability clusters are disclosed this week: CVE-2025-20701/20700/20702 (Airoha Bluetooth Audio SDK) enable a physically proximate attacker to access the microphone on Beats Studio Buds without completing Bluetooth pairing, enabling covert eavesdropping; separately, a BootROM exploit (‘usbliter8’, CVE pending) targeting A12/A13 chip devices is permanently unpatchable via software and threatens secure boot chain integrity, Secure Enclave cryptographic key storage, and biometric authentication on iPhone XS through iPhone 11 series and corresponding iPad models. The BootROM component represents a device-lifetime risk for any organization deploying these devices in sensitive environments.