38 matches found
CVE-2025-55031 Passkey phishing within Bluetooth range
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability was fixed...
PT-2025-33876 · Mozilla · Focus For Ios +1
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 142 Focus for iOS versions prior to 142 Description: Malicious pages could exploit Firefox for iOS to pass FIDO links to the operating system, triggering the hybrid passkey transport. An attacker within...
CVE-2025-32876
An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In BLE Legacy Pairing, the Short-Term Key STK can be easily guessed. This requires knowledge of the...
CVE-2024-27867
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...
kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c
An information leak vulnerability was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capparseconfreq function. An attacker with physical access within the range of standard Bluetooth transmission could use thi...
CVE-2024-2197
The Chirp Access app contains a hard-coded password, BEACONPASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable...
CVE-2024-2197 Chirp Systems Chirp Access Use of Hard-coded Password
The Chirp Access app contains a hard-coded password, BEACONPASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable...
CVE-2024-2197 Chirp Systems Chirp Access Use of Hard-coded Password
The Chirp Access app contains a hard-coded password, BEACONPASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable...
[slackware-security] bluez
New bluez packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bluez-5.71-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: It may have been possible for an attacker within Bluetoo...
CVE-2022-45192
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request...
CVE-2022-42896
A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capconnect and l2capleconnectreq functions. An attacker with physical access within the range of standard Bluetooth transmission could...
hardware: buffer overflow in bluetooth firmware
A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation...
CVE-2020-27639
The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit...
hardware: buffer overflow in bluetooth firmware
A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation...
Code injection
SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as...
kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
A flaw was found in the Linux kernel's implementation of Logical Link Control and Adaptation Protocol L2CAP, part of the Bluetooth stack. An attacker, within the range of standard Bluetooth transmissions, can create and send a specially crafted packet. The response to this specially crafted packe...
A Secure “Smart” Kettle?
We haven’t looked at smart kettles for a long time, mostly as the UK market leader, Smarter, fixed their security with the iKettle 3.0. So I got quite excited when a colleague pointed out the Xiaomi ‘smart’ kettle a few weeks back. It’s the first kettle with a mobile app that we’ve seen for a...
BlueBorne – Bluetooth’s airborne influenza
Armis Labs has discovered a new attack vector that targets any device that has Bluetooth capability. This includes mobile, desktop, and IoT — roughly accounting for 8.2 billion devices. All operating systems are susceptible — Android, iOS, Windows, and Linux. Dubbed BlueBorne, it exposes several...