A critical vulnerability in Bluetooth (CVE-2023-45866) poses a security risk to many operating systems, including Android, Linux, macOS, and iOS.
Critical vulnerability in Bluetooth allows attackers to gain access to affected systems.
The vulnerability, CVE-2023-45866, allows attackers to impersonate a keyboard and remotely take over various systems. The flaw affects many platforms (Android, Linux, macOS, and iOS) that accept keyboard input without Bluetooth authentication.
Google acknowledged the severity of this vulnerability and released updates for devices running Android. However, the updates haven't rolled out to all devices yet. Red Hat recommends several protective measures, such as turning off Bluetooth, making the device undetectable via Bluetooth, or preventing incoming pairing. Ubuntu has addressed the issue, stating that it was resolved in a previous update, which was not initially announced for obvious reasons.
Marc Newlin, the security researcher who discovered the vulnerability, reported that the attack does not require specialized hardware and can be performed using a regular Bluetooth adapter. Newlin's research reports vulnerabilities in wireless mice and keyboards from 17 vendors.

