Headline
New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim. "Multiple Bluetooth stacks have authentication bypass
Mobile Security / Vulnerability
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices.
Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim.
“Multiple Bluetooth stacks have authentication bypass vulnerabilities that permit an attacker to connect to a discoverable host without user confirmation and inject keystrokes,” said security researcher Marc Newlin, who disclosed the flaws to the software vendors in August 2023.
Specifically, the attack deceives the target device into thinking that it’s connected to a Bluetooth keyboard by taking advantage of an “unauthenticated pairing mechanism” that’s defined in the Bluetooth specification.
Successful exploitation of the flaw could permit an adversary in close physical proximity to connect to a vulnerable device and transmit keystrokes to install apps and run arbitrary commands.
It’s worth pointing out that the attack does not require any specialized hardware, and can be performed from a Linux computer using a regular Bluetooth adapter. Additional technical details of the flaw are expected to be released in the future.
The vulnerability affects a wide range of devices running Android (going back to version 4.2.2, which was released in November 2012), iOS, Linux, and macOS.
Further, the bug affects macOS and iOS when Bluetooth is enabled and a Magic Keyboard has been paired with the vulnerable device. It also works in Apple’s LockDown Mode, which is meant to secure against sophisticated digital threats.
In an advisory released this month, Google said CVE-2023-45866 “could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed.”
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
Why the company took so long to address the issue is not known given that most other stakeholders had a fix out for the issue months ago.
By Waqas Another day, another Apple Security Vulnerability! This is a post from HackRead.com Read the original post: Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!
Gentoo Linux Security Advisory 202401-3 - Multiple vulnerabilities have been discovered in Bluez, the worst of which can lead to privilege escalation. Versions greater than or equal to 5.70-r1 are affected.
Debian Linux Security Advisory 5584-1 - It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to "true" to make sure that input connections only come from bonded device connections.
Apple Security Advisory 12-11-2023-4 - macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities.
Apple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data.
By Waqas Another day, another Bluetooth vulnerability impacting billions of devices worldwide! This is a post from HackRead.com Read the original post: Bluetooth Vulnerability Enables Keystroke Injection on Android, Linux, macOS, iOS
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Ubuntu Security Notice 6540-1 - It was discovered that BlueZ did not properly restrict non-bonded devices from injecting HID events into the input subsystem. This could allow a physically proximate attacker to inject keystrokes and execute arbitrary commands whilst the device is discoverable.
In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.