December 9, 2023

Threat actors could use a serious Bluetooth security vulnerability to take over iOS, Android, Linux, and macOS devices.
The problem, tracked as CVE-2023-45866, is an authentication bypass in which an attacker can log in to vulnerable devices and use keystroke injection to execute code as the victim. In particular, the attack uses an “unauthenticated pairing mechanism” specified in the Bluetooth protocol to trick the target device into believing that it is connected to a Bluetooth keyboard.
If the issue is successfully exploited, it might allow an adversary who is physically close to the target device to connect, install programs, and execute arbitrary instructions by transmitting keystrokes. It’s important to note that the attack may be carried out from a Linux machine with a standard Bluetooth connection and doesn’t require any specific hardware. It is anticipated that more technical information about the vulnerability will soon be made public.
Numerous devices running Android (including those running version 4.2.2, which was released in November 2012), iOS, Linux, and macOS are susceptible to the issue. Additionally, when Bluetooth is turned on and a Magic Keyboard has been paired with the susceptible device, the flaw impacts both macOS and iOS. The attack also works when Apple’s Lockdown Mode, which protects against advanced online threats, is enabled.
Google stated that CVE-2023-45866 “may result in remote (proximal/adjacent) escalation of privilege with no additional execution privileges required” in an advisory that was published this month.
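For the Linux hosts mentioned above, a defender can check whether the Bluetooth stack accepts keyboard (HID) connections from devices that have not been bonded. The script below is an added example, not code from the article or from any vendor advisory. It assumes the host uses BlueZ, whose `input.conf` has a `ClassicBondedOnly` option for this purpose (the article does not name it), and that the file is at its usual path `/etc/bluetooth/input.conf`; the sample files are constructed.

```python
"""Audit BlueZ input.conf for the ClassicBondedOnly hardening setting."""
import sys

# Constructed sample files, not taken from any real host.
SAMPLE_WEAK = """\
[General]
#IdleTimeout=30
ClassicBondedOnly=false
"""
SAMPLE_DEFAULTED = """\
[General]
# Commented out, so the BlueZ build default applies.
#ClassicBondedOnly=true
"""
SAMPLE_HARDENED = """\
[General]
ClassicBondedOnly = true
"""

def classic_bonded_only(conf_text):
    """Return True/False for an explicit setting, None if it is not set."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (including a commented-out key)
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, val = line.partition("=")
        if sep and section == "General" and key.strip() == "ClassicBondedOnly":
            value = val.strip() in ("true", "1")  # last assignment wins
    return value

def verdict(conf_text):
    """Map the setting to 'hardened', 'exposed' or 'unset'."""
    state = classic_bonded_only(conf_text)
    if state is None:
        return "unset"  # effective value is the installed build's default
    return "hardened" if state else "exposed"

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/bluetooth/input.conf"
    try:
        with open(path, encoding="utf-8") as fh:
            print(path, "->", verdict(fh.read()))
    except OSError as exc:
        print("cannot read", path, "-", exc)
```

An `unset` result means the effective behaviour depends on the default compiled into the installed BlueZ package, so setting the option explicitly removes the ambiguity.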