Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Four months unrepaired, security company exposed Apple iOS / macOS Bluetooth keyboard injection vulnerability CVE-2023-45866

2024-05-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)12/24 Report--

CTOnews.com, December 8, SkySafe software engineer Marc Newlin today revealed a Bluetooth security vulnerability CVE-2023-45866 involving Apple's macOS and iOS / iPadOS operating systems that allow hackers to launch injection attacks using Bluetooth keyboards.

Marc Newlin, a GitHub page related to ▲ images, claims that he discovered the vulnerability and submitted it to Apple in August, but Apple has not fixed it until now, so he finally decided to make it public.

CTOnews.com found that this CVE-2023-45866 vulnerability mainly affects devices paired with MagicKeyboard (wonderful control keyboard). Hackers can use the loophole to bypass the user confirmation step and make the system think that the Bluetooth input source forged by the hacker is a paired control keyboard, thus allowing hackers to connect directly to the target host, remotely take over the user keyboard, and enter arbitrary keystroke instructions.

Marc Newlin claims that CVE-2023-45866 is mainly due to a loophole in the Bluetooth protocol. Because the underlying pairing mechanism does not require authentication, hackers can deceive the victim's device and get the victim's device to receive input from the hacker by falsifying the pairing protocol.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

IT Information

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report