A critical Bluetooth security flaw could be exploited by risk actors to choose command of Android, Linux, macOS and iOS equipment.
Tracked as CVE-2023-45866, the issue relates to a circumstance of authentication bypass that enables attackers to link to vulnerable products and inject keystrokes to reach code execution as the victim.
“Many Bluetooth stacks have authentication bypass vulnerabilities that permit an attacker to hook up to a discoverable host without the need of consumer confirmation and inject keystrokes,” claimed security researcher Marc Newlin, who disclosed the flaws to the software suppliers in August 2023.
Specially, the attack deceives the focus on gadget into pondering that it is really related to a Bluetooth keyboard by using advantage of an “unauthenticated pairing mechanism” which is defined in the Bluetooth specification.
Productive exploitation of the flaw could permit an adversary in shut physical proximity to hook up to a susceptible device and transmit keystrokes to put in applications and run arbitrary instructions.
It truly is value pointing out that the attack does not demand any specialized hardware, and can be done from a Linux personal computer employing a frequent Bluetooth adapter. Added specialized aspects of the flaw are expected to be released in the foreseeable future.
The vulnerability has an effect on a large range of products jogging Android (likely back to model 4.2.2, which was produced in November 2012), iOS, Linux, and macOS.
Additional, the bug influences macOS and iOS when Bluetooth is enabled and a Magic Keyboard has been paired with the susceptible gadget. It also will work in Apple’s LockDown Mode, which is intended to secure against sophisticated electronic threats.
In an advisory introduced this month, Google claimed CVE-2023-45866 “could direct to remote (proximal/adjacent) escalation of privilege with no further execution privileges needed.”
Discovered this post intriguing? Abide by us on Twitter and LinkedIn to study extra unique content material we publish.
Some pieces of this post are sourced from: