The Hacker NewsTHN:418DBE853B8D544E26AC702A51FB5502New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices
6.3 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
36.2%
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices.
Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim.
βMultiple Bluetooth stacks have authentication bypass vulnerabilities that permit an attacker to connect to a discoverable host without user confirmation and inject keystrokes,β said security researcher Marc Newlin, who disclosed the flaws to the software vendors in August 2023.
Specifically, the attack deceives the target device into thinking that itβs connected to a Bluetooth keyboard by taking advantage of an βunauthenticated pairing mechanismβ thatβs defined in the Bluetooth specification.
Successful exploitation of the flaw could permit an adversary in close physical proximity to connect to a vulnerable device and transmit keystrokes to install apps and run arbitrary commands.
Itβs worth pointing out that the attack does not require any specialized hardware, and can be performed from a Linux computer using a regular Bluetooth adapter. Additional technical details of the flaw are expected to be released in the future.
The vulnerability affects a wide range of devices running Android (going back to version 4.2.2, which was released in November 2012), iOS, Linux, and macOS.
Further, the bug affects macOS and iOS when Bluetooth is enabled and a Magic Keyboard has been paired with the vulnerable device. It also works in Appleβs LockDown Mode, which is meant to secure against sophisticated digital threats.
In an advisory released this month, Google said CVE-2023-45866 βcould lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed.β
Update
Apple has rolled out fixes to address the Bluetooth security flaw, which it tracks as CVE-2024-0230, in Magic Keyboard Firmware Update 2.0.6. The patch is available for Magic Keyboard; Magic Keyboard (2021); Magic Keyboard with Numeric Keypad; Magic Keyboard with Touch ID; and Magic Keyboard with Touch ID and Numeric Keypad.
βAn attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic,β the company said.
Microsoft, which is tracking the bug as CVE-2024-21306 (CVSS score: 5.7), addressed it as part of its January 2024 Patch Tuesday updates released earlier this week.
Found this article interesting? Follow us on Twitter ο and LinkedIn to read more exclusive content we post.
Related
6.3 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
36.2%