Unauthenticated Injection of HID Messages via Bluetooth HID Hosts in BlueZ
Key Information
- Vendor
- BlueZ
- Vendor
- CVE Published:
- 8 December 2023
Badges
Summary
CVE-2023-45866 is a Bluetooth vulnerability affecting the BlueZ software, which can lead to the injection of HID messages by unauthenticated devices. This vulnerability could potentially impact Linux-based systems and Ubuntu 22.04LTS. Apple has released patches to fix 12 vulnerabilities on various platforms, including the CVE-2023-45866. The new security mode introduced by Apple, called Stolen Device Protection, aims to protect sensitive data in cases of stolen passcodes by requiring FaceID for access. Security researcher Marc Newlin also discovered a Bluetooth bug that allows attackers to take over user devices, affecting Android, Linux, macOS, and iOS. Apple has released patches to address this vulnerability, and the tech giant is encouraging the community to continue probing Bluetooth flaws.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
BlueDucky: A New Tool Exploits Bluetooth Vulnerability With 0-Click Code Execution
A new tool dunned BlueDucky, automating the exploitation of a critical Bluetooth pairing vulnerability that allows for 0-click code execution on unpatched devices.
6 months ago
'Zero-Click' Bluetooth Attacks Pose Serious Threat Across Major Operating Systems - Cyber Kendra
New zero-click Bluetooth flaws in Android, iOS, Windows let hackers secretly pair as keyboards & inject keystrokes.
6 months ago
Apple Launches Key Security Upgrades - Spiceworks
Apple has released vulnerability patches and a new security mode to protect sensitive data. Find out more.
8 months ago
CVSS V3.1
Timeline
- πΎ
Exploit exists.
Vulnerability started trending.
Vulnerability published.
First article discovered by Theregister
Vulnerability Reserved.