Headline
CVE-2023-45866: Bluetooth Technology Website | The official website of Bluetooth technology.
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
INTRODUCING
Bluetooth® NLC
The only full-stack standard for wireless lighting control
Develop with Bluetooth® Technology
01. Join
01. Join
Join thousands of the world’s most innovative companies developing Bluetooth® products and influencing the future direction of Bluetooth technology.
Find Out More
02. Build
02. Build
Find resources to help you build and test your Bluetooth® product.
Find Out More
03. Qualify
03. Qualify
All products that use Bluetooth® technology must complete the product qualification process. It ensures global interoperability and further strengthens the Bluetooth brand.
Find Out More
04. Brand
04. Brand
You’ve qualified your Bluetooth® product. Now what? It’s time to make sure it’s properly branded.
Use the Bluetooth Brand
Featured
Find out how this new Bluetooth® capability will deliver life-changing audio experiences that will enhance the way you engage with others and the world around you.
What’s New?
Bluetooth® Electronic Shelf Label
Discover how a new Bluetooth® standard for the electronic shelf label market will help unlock the next phase in retail digital transformation
The Bluetooth® Range Estimator
Calculate the expected range between two Bluetooth® devices
NEW USE CASE
Bluetooth® Electronic Shelf Labels
Discover how a new Bluetooth® standard for the electronic shelf label market will help unlock the next phase in retail digital transformation
UPCOMING FEATURES
Bluetooth LE in Higher Frequency Bands
Discover how a new spectrum expansion project will help pave the way for the next generation of Bluetooth innovation
Higher Data Throughput
Find out more about a project to address the growing market need to enhance the performance of IoT devices
High Accuracy Distance Measurement
Get involved in a project to enable the creation of Bluetooth® locating systems that can provide even higher levels of accuracy
FEATURED TOOL
The Bluetooth® Range Estimator
Calculate the expected range between two Bluetooth® devices
Latest Resources
Bluetooth Location Services
See 8 use cases for enhancing building efficiencies and creating a better visitor experience, discover new data that supports the latest trends and forecasts, and find out what’s driving the rapid adoption of location services solutions.
Learn More
Lighting as a Platform
See how connected lighting systems are being used as a platform to enable advanced building services like wayfinding, asset tracking, and space utilization to improve the ROI of smart building investments.
Learn More
Related news
By Waqas Another day, another Apple Security Vulnerability! This is a post from HackRead.com Read the original post: Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!
Gentoo Linux Security Advisory 202401-3 - Multiple vulnerabilities have been discovered in Bluez, the worst of which can lead to privilege escalation. Versions greater than or equal to 5.70-r1 are affected.
Debian Linux Security Advisory 5584-1 - It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to "true" to make sure that input connections only come from bonded device connections.
Apple Security Advisory 12-11-2023-4 - macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities.
Apple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data.
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
By Waqas Another day, another Bluetooth vulnerability impacting billions of devices worldwide! This is a post from HackRead.com Read the original post: Bluetooth Vulnerability Enables Keystroke Injection on Android, Linux, macOS, iOS
Ubuntu Security Notice 6540-1 - It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable.
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim. "Multiple Bluetooth stacks have authentication bypass
In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.