Unauthenticated Injection of HID Messages via Bluetooth HID Hosts in BlueZ

Summary

CVE-2023-45866 is a Bluetooth vulnerability affecting the BlueZ software, which can lead to the injection of HID messages by unauthenticated devices. This vulnerability could potentially impact Linux-based systems and Ubuntu 22.04LTS. Apple has released patches to fix 12 vulnerabilities on various platforms, including the CVE-2023-45866. The new security mode introduced by Apple, called Stolen Device Protection, aims to protect sensitive data in cases of stolen passcodes by requiring FaceID for access. Security researcher Marc Newlin also discovered a Bluetooth bug that allows attackers to take over user devices, affecting Android, Linux, macOS, and iOS. Apple has released patches to address this vulnerability, and the tech giant is encouraging the community to continue probing Bluetooth flaws.

News Articles

CybersecurityNews

CVE-2023-45866

BlueDucky: A New Tool Exploits Bluetooth Vulnerability With 0-Click Code Execution

A new tool dunned BlueDucky, automating the exploitation of a critical Bluetooth pairing vulnerability that allows for 0-click code execution on unpatched devices.

6 months ago

Cyber Kendra

CVE-2023-45866CVE-2024-21306

'Zero-Click' Bluetooth Attacks Pose Serious Threat Across Major Operating Systems - Cyber Kendra

New zero-click Bluetooth flaws in Android, iOS, Windows let hackers secretly pair as keyboards & inject keystrokes.

6 months ago

Spiceworks

CVE-2023-45866

Apple Launches Key Security Upgrades - Spiceworks

Apple has released vulnerability patches and a new security mode to protect sensitive data. Find out more.

8 months ago

More News...