Bluetooth Vulnerability Exposes macOS, iOS, Linux, and Android Devices
The vulnerability only requires a basic Bluetooth adapter to exploit.
- A Bluetooth authentication bypass vulnerability has been found to allow malicious actors to run arbitrary commands on Apple, Android, and Linux devices.
- The flaw, CVE-2023-45866, is easy to exploit: a standard Bluetooth adapter is enough to leverage unauthenticated pairing mechanisms.
A high-severity Bluetooth vulnerability has been found by a software engineer at drone tech firm SkySafe. The security flaw allows malicious actors to make unauthorized connections to Linux, Android, and Apple devices to run arbitrary commands. The flaw has been reported to Google, Apple, and Bluetooth SIG.
Tracked as CVE-2023-45866, the vulnerability bypasses Bluetooth authentication. With the help of a standard Bluetooth adapter, an attacker can connect to any discoverable host and inject keystrokes on it. Essentially, the flaw fools the targeted device into believing it is connected to a Bluetooth keyboard through an unauthenticated pairing mechanism.
Consequently, malicious actors in proximity to vulnerable devices can simply inject keystrokes, allowing for the installation of apps and the execution of arbitrary code. The attack does not require specialized hardware either.
The vulnerability potentially affects numerous devices that run Android, iOS, Linux, and macOS. The flaw also works on Apple devices that are in Lockdown Mode, a key Apple security feature.
According to Google, the vulnerability could result in privilege escalation, and fixes have been made available to OEMs for devices running Android versions 11 through 14. Pixel devices, in particular, are expected to be patched in the December updates.