A serious Bluetooth security vulnerability has been identified that threat actors can exploit to take control of many popular devices in use today.
According to The Hacker News, security researcher Marc Newlin reported the vulnerability to software vendors in August 2023. He said Bluetooth has an authentication bypass vulnerability that allows attackers to connect to nearby devices without the user confirming or performing the operation.
This bug has been assigned the identifier CVE-2023-45866, which describes an authentication bypass that allows threat actors to connect to devices and inject keystrokes to execute code as the victim. The attack fools the target device into thinking it is connected to a Bluetooth keyboard by taking advantage of the unauthenticated pairing mechanism defined in the Bluetooth specification.
Successful exploitation of the vulnerability could allow a hacker within range of a Bluetooth connection to transmit keystrokes to install applications and run arbitrary commands. It’s worth noting that the attack doesn’t require any specialized hardware, and can be performed from a Linux computer using a regular Bluetooth adapter. Technical details of the vulnerability are expected to be announced in the future.
This Bluetooth vulnerability affects a variety of devices running Android (from version 4.2.2), iOS, Linux, and macOS. The bug affects macOS and iOS when Bluetooth is enabled and an Apple keyboard (Magic Keyboard) is paired with the vulnerable device. It also works in Lockdown Mode, Apple's mode aimed at fighting digital threats. Google says CVE-2023-45866 can lead to escalation of privilege on a device at close range without requiring additional execution privileges.