A severe security vulnerability in Bluetooth, identified as CVE-2023-45866, poses a significant risk as threat actors could exploit it to gain control over Android, Linux, macOS, and iOS devices. The flaw involves an authentication bypass that allows attackers to establish a connection with vulnerable devices, injecting keystrokes to achieve code execution on the victim’s system.
Security researcher Marc Newlin, who brought attention to these vulnerabilities after notifying software vendors in August 2023, explained that multiple Bluetooth stacks are susceptible to authentication bypass, enabling unauthorized connections to discoverable hosts without user confirmation. The attack capitalizes on an “unauthenticated pairing mechanism” outlined in the Bluetooth specification, tricking the targeted device into perceiving a connection with a Bluetooth keyboard.
Successful exploitation of this vulnerability could empower an adversary in close physical proximity to connect to a susceptible device and send keystrokes, potentially installing applications and executing arbitrary commands on the compromised system.
It’s important to note that the exploit doesn’t necessitate specialized hardware and can be executed from a Linux computer using a standard Bluetooth adapter. More technical details about the vulnerability are anticipated to be disclosed in the future.
This flaw impacts a broad spectrum of devices, including those running Android (from version 4.2.2, released in November 2012, onward), iOS, Linux, and macOS.
Moreover, the bug affects macOS and iOS when Bluetooth is active and a Magic Keyboard is paired with the susceptible device. It even works with Apple’s Lockdown Mode enabled, a setting designed to harden devices against sophisticated digital threats.
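The article notes that the bypass works against discoverable hosts and that the Linux side needs nothing more than a standard Bluetooth adapter. As an added example that is not part of the article or of the researcher's work, the POSIX shell function below audits the controller state that BlueZ's `bluetoothctl show` prints and flags an adapter that has been left discoverable or pairable, which is the exposure a defender can remove on a Linux host. The two dumps are constructed samples, and the `bt_audit` and `bt_setting` names are my own.

```shell
#!/bin/sh
# Added example (not from the article): audit a BlueZ controller's state as
# reported by `bluetoothctl show` and report settings that leave a Linux host
# advertising itself to nearby devices.

# Constructed sample of `bluetoothctl show` output for a hardened adapter.
SAMPLE_HARDENED='Controller AA:BB:CC:DD:EE:FF (public)
    Name: workstation
    Alias: workstation
    Class: 0x006c010c
    Powered: yes
    Discoverable: no
    DiscoverableTimeout: 0x000000b4
    Pairable: no'

# Constructed sample for an adapter left discoverable and pairable indefinitely.
SAMPLE_EXPOSED='Controller AA:BB:CC:DD:EE:FF (public)
    Name: workstation
    Alias: workstation
    Class: 0x006c010c
    Powered: yes
    Discoverable: yes
    DiscoverableTimeout: 0x00000000
    Pairable: yes'

# bt_setting NAME < dump : print the value of the "NAME:" line in the dump.
bt_setting() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# bt_audit < dump : print one FINDING line per risky setting.
# Returns 0 when the controller is not advertising itself, 1 when it is.
bt_audit() {
    dump=$(cat)
    rc=0
    # A powered-off controller cannot be reached, so nothing to report.
    if [ "$(printf '%s\n' "$dump" | bt_setting Powered)" = "yes" ]; then
        if [ "$(printf '%s\n' "$dump" | bt_setting Discoverable)" = "yes" ]; then
            echo "FINDING: controller is discoverable; run 'bluetoothctl discoverable off'"
            rc=1
        fi
        if [ "$(printf '%s\n' "$dump" | bt_setting Pairable)" = "yes" ]; then
            echo "FINDING: controller accepts new pairings; run 'bluetoothctl pairable off' outside pairing sessions"
            rc=1
        fi
    fi
    return $rc
}

# Stand-alone run: audit both constructed samples.
echo "== hardened sample =="
printf '%s\n' "$SAMPLE_HARDENED" | bt_audit || true
echo "== exposed sample =="
printf '%s\n' "$SAMPLE_EXPOSED" | bt_audit || true
```

On a live Linux host the same check runs as `bluetoothctl show | bt_audit`. In BlueZ a `DiscoverableTimeout` of zero means the adapter stays discoverable with no timeout, which is why the exposed sample is the worst case; the function only keys on the `Discoverable` and `Pairable` flags, which are what the article's attack scenario depends on.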
In a recent advisory, Google stated that CVE-2023-45866 “could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed.”
