"Critical Bluetooth Bug Leaves Android Users Open to Attack"

Google has put out a new security update to address a critical flaw that researchers found in Android’s Bluetooth implementation.  The flaw allows remote code execution without user interaction.  The vulnerability is called CVE-2020-002 and affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0).  Two-thirds of Android devices in use have this flaw, which is why it is rated critical.  No user interaction is needed to exploit the flaw, an adversary only needs to know the Bluetooth MAC address of the target, and can use the flaw to obtain personal data or distribute malware.  

WeLiveSecurity reports: "Critical Bluetooth Bug Leaves Android Users Open to Attack"