"New Bluetooth Flaw Lets Hackers Take Over Android, Linux, macOS, and iOS Devices"

Threat actors could use a critical Bluetooth security flaw to take control of Android, Linux, macOS, and iOS devices. The vulnerability, tracked as CVE-2023-45866, is an authentication bypass that allows attackers to connect to vulnerable devices and inject keystrokes to achieve code execution as the victim. According to security researcher Marc Newlin, who disclosed the issue to software vendors in August 2023, multiple Bluetooth stacks have authentication bypass flaws that enable attackers to connect to a discoverable host without user confirmation and to inject keystrokes. The attack tricks the target device into thinking it is connected to a Bluetooth keyboard by exploiting an "unauthenticated pairing mechanism" defined in the Bluetooth specification. This article continues to discuss the potential exploitation and impact of the new Bluetooth vulnerability.

THN reports "New Bluetooth Flaw Lets Hackers Take Over Android, Linux, macOS, and iOS Devices"

Submitted by grigby1

Submitted by Gregory Rigby on