Media Talks About Android, Linux, macOS Security Issues While Microsoft Blames Windows Holes on "Russia"
CyberRisk Alliance LLC ☛ Critical Bluetooth flaw could take over Android, Apple, Linux devices [Ed: The media goes on and on about it while Microsoft blames "Russia" for Windows having loads of severe holes in it. Silicon Angle ☛ Microsoft-sponsored media does this a lot.]
Attackers can exploit a critical Bluetooth security vulnerability that’s been lurking largely unnoticed for years on macOS, iOS, Android, and Linux device platforms. The keystroke injection vulnerability allows an attacker to control the targeted device as if they were attached by a Bluetooth keyboard, performing various functions remotely depending on the endpoint.
Tracked as CVE-2023-45866, the flaw exists in how the Bluetooth protocol is implemented on various platforms. It works “by tricking the Bluetooth host state-machine into pairing with a fake keyboard without user confirmation,” Marc Newlin, principal reverse engineer at SkySafe, revealed in a blog post published Dec. 6.
Hacker News ☛ New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices
Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim.