According to The Hacker News , security researcher Marc Newlin reported the vulnerability to software vendors in August 2023. He stated that Bluetooth technology has a vulnerability that bypasses authentication, allowing attackers to connect to devices in the area without user confirmation or interaction.
This vulnerability has been assigned the tracking code CVE-2023-45866, describing an authentication bypass scenario that allows a threat actor to connect to devices and execute code by pressing keys on behalf of the victim. The attack tricks the target device into thinking it's connected to a Bluetooth keyboard by exploiting an unauthenticated pairing mechanism defined in the Bluetooth specification.
The Bluetooth connection standard is facing numerous security vulnerabilities.
Successful exploitation of the vulnerability could allow hackers within the Bluetooth connection range to transmit keystrokes to install applications and execute arbitrary commands. Notably, the attack does not require any specialized hardware and can be carried out from a Linux computer using a standard Bluetooth adapter. Technical details of the vulnerability are expected to be published in the future.
This Bluetooth vulnerability affects a wide range of devices running Android version 4.2.2 and above, as well as iOS, Linux, and macOS. The flaw affects macOS and iOS when Bluetooth is enabled and the Apple Magic Keyboard is paired with the vulnerable device. It also works in LockDown Mode, a mode designed to protect against Apple's digital threats. Google states that the CVE-2023-45866 vulnerability can lead to near-field privilege escalation on a device without requiring additional execution privileges.
Source link
![[Photo] Radiant smiles at the "Building Tet" festival in Da Nang](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2026/02/12/1770872911216_ndo_br_nhan-qua-jpg.webp)
Comment (0)