New Bluetooth Flaw Lets Hackers Take Over Android, Linux, macOS, and iOS Devices


Dec 07, 2023 | The Hacker Information | Mobile Security / Vulnerability


A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices.

Tracked as CVE-2023-45866, the issue is an authentication bypass that lets attackers connect to susceptible devices and inject keystrokes to achieve code execution as the victim.

“A number of Bluetooth stacks have authentication bypass vulnerabilities that let an attacker hook up with a discoverable host without consumer affirmation and inject keystrokes,” said security researcher Marc Newlin, who disclosed the flaws to the software vendors in August 2023.

Specifically, the attack deceives the target device into thinking that it is connected to a Bluetooth keyboard by taking advantage of an “unauthenticated pairing mechanism” that is defined in the Bluetooth specification.

Successful exploitation of the flaw could allow an adversary in close physical proximity to connect to a vulnerable device and transmit keystrokes to install apps and run arbitrary commands.


It is worth pointing out that the attack does not require any specialized hardware, and can be carried out from a Linux computer using a regular Bluetooth adapter. Additional technical details of the flaw are expected to be released in the future.

The vulnerability affects a wide range of devices running Android (going back to version 4.2.2, which was released in November 2012), iOS, Linux, and macOS.

Further, the bug affects macOS and iOS when Bluetooth is enabled and a Magic Keyboard has been paired with the vulnerable device. It also works in Apple’s LockDown Mode, which is meant to secure against sophisticated digital threats.

In an advisory released this month, Google said CVE-2023-45866 “might result in distant (proximal/adjoining) escalation of privilege with no extra execution privileges wanted.”
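For Linux hosts, the two conditions the article describes (a discoverable host, and keyboard connections accepted without authentication) can be audited offline. The sketch below is an added example, not code from the article or from the researcher: it parses the text printed by `bluetoothctl show` and the contents of BlueZ's `input.conf`. The `ClassicBondedOnly` option is a BlueZ setting that the article does not mention, and both sample inputs are constructed.

```python
import configparser

# Constructed sample inputs (not captured from a real host).
SAMPLE_SHOW = """\
Controller 00:11:22:33:44:55 workstation [default]
\tPowered: yes
\tDiscoverable: yes
\tPairable: yes
"""
SAMPLE_INPUT_CONF = """\
[General]
#ClassicBondedOnly=true
IdleTimeout=30
"""

def parse_controllers(show_output):
    """Parse `bluetoothctl show` text into {address: {property: value}}."""
    controllers, current = {}, None
    for line in show_output.splitlines():
        if line.startswith("Controller "):
            current = controllers.setdefault(line.split()[1], {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return controllers

def classic_bonded_only(conf_text):
    """True/False when set explicitly, None when absent or commented out."""
    cfg = configparser.ConfigParser()
    cfg.read_string(conf_text)
    return cfg.getboolean("General", "ClassicBondedOnly", fallback=None)

def audit(show_output, conf_text):
    """Return a list of findings relevant to unauthenticated keyboard connections."""
    findings = []
    for addr, props in parse_controllers(show_output).items():
        if props.get("Powered") == "yes" and props.get("Discoverable") == "yes":
            findings.append(f"{addr}: adapter is powered and discoverable")
    setting = classic_bonded_only(conf_text)
    if setting is None:
        findings.append("ClassicBondedOnly not set explicitly; "
                        "effective value depends on the BlueZ build default")
    elif setting is False:
        findings.append("ClassicBondedOnly=false: HID connections from "
                        "unbonded devices are accepted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SHOW, SAMPLE_INPUT_CONF):
        print("FINDING:", finding)
```

On a real host the two inputs would come from running `bluetoothctl show` and reading `/etc/bluetooth/input.conf`; an empty findings list means the adapter is not discoverable and HID connections are explicitly limited to bonded devices.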
