Shulou(Shulou.com)12/24 Report--

CTOnews.com December 8, SkySafe researcher Marc Newlin released a GitHub blog post on December 6, revealing a high-risk Bluetooth vulnerability that affects Android, iOS, Linux and macOS devices.

The vulnerability tracking number, CVE-2023-45866, is an identity bypass vulnerability that dates back to 2012, which allows attackers to trick the Bluetooth host state without user confirmation, pairing fake keyboards, and injecting attacks to execute code as victims.

Newlin said that in the Bluetooth specification, the underlying pairing mechanism is unauthenticated and can be exploited by attackers. He said the full details of the vulnerability and proof-of-concept scripts would be publicly demonstrated at subsequent meetings.

Emily Phelps (Emily Phelps), director of Cyware, said attackers could use the vulnerability to remotely control the victim's device without authentication, depending on the system, downloading applications, sending messages or running commands.

CTOnews.com previously reported that Google's December Android security update had fixed the CVE-2023-45866 vulnerability. In addition, for more detailed information about the vulnerability, you can visit GitHub blog posts.

Related readings:

"Google December update fixes a" key "vulnerability: arbitrary code can be executed remotely without user interaction"

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.