Date: 2023-12-09

Attackers can exploit a critical Bluetooth security vulnerability that’s been lurking largely unnoticed for years on macOS, iOS, Android, and Linux device platforms. The keystroke injection vulnerability allows an attacker to control the targeted device as if they were connected through a Bluetooth keyboard, performing various functions remotely depending on the endpoint.

Tracked as CVE-2023-45866, the flaw exists in how the Bluetooth protocol is implemented on various platforms. It works “by tricking the Bluetooth host state-machine into pairing with a fake keyboard without user confirmation,” Marc Newlin, principal reverse engineer at SkySafe, revealed in a blog post published Dec. 6.