Shulou(Shulou.com)12/24 Report--

CTOnews.com, December 8, SkySafe software engineer Marc Newlin today revealed a Bluetooth security vulnerability CVE-2023-45866 involving Apple's macOS and iOS / iPadOS operating systems that allow hackers to launch injection attacks using Bluetooth keyboards.

Marc Newlin, a GitHub page related to ▲ images, claims that he discovered the vulnerability and submitted it to Apple in August, but Apple has not fixed it until now, so he finally decided to make it public.

CTOnews.com found that this CVE-2023-45866 vulnerability mainly affects devices paired with MagicKeyboard (wonderful control keyboard). Hackers can use the loophole to bypass the user confirmation step and make the system think that the Bluetooth input source forged by the hacker is a paired control keyboard, thus allowing hackers to connect directly to the target host, remotely take over the user keyboard, and enter arbitrary keystroke instructions.

Marc Newlin claims that CVE-2023-45866 is mainly due to a loophole in the Bluetooth protocol. Because the underlying pairing mechanism does not require authentication, hackers can deceive the victim's device and get the victim's device to receive input from the hacker by falsifying the pairing protocol.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.