Unauthenticated Injection of HID Messages via Bluetooth HID Hosts in BlueZ
CVE-2023-45866
Key Information
- Vendor
- BlueZ
- Status
- Android
- Vendor
- CVE Published:
- 8 December 2023
Badges
Summary
CVE-2023-45866 is a Bluetooth vulnerability affecting the BlueZ software, which can lead to the injection of HID messages by unauthenticated devices. This vulnerability could potentially impact Linux-based systems and Ubuntu 22.04LTS. Apple has released patches to fix 12 vulnerabilities on various platforms, including the CVE-2023-45866. The new security mode introduced by Apple, called Stolen Device Protection, aims to protect sensitive data in cases of stolen passcodes by requiring FaceID for access. Security researcher Marc Newlin also discovered a Bluetooth bug that allows attackers to take over user devices, affecting Android, Linux, macOS, and iOS. Apple has released patches to address this vulnerability, and the tech giant is encouraging the community to continue probing Bluetooth flaws.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Critical Bluetooth security flaw discovered in Google, Apple and Linux devices - SiliconANGLE
Critical Bluetooth security flaw discovered in Google, Apple and Linux devices - SiliconANGLE
2 days ago
Bluetooth Vulnerability Enables Keystroke Injection on Android, Linux, macOS, iOS
Another day, another Bluetooth vulnerability impacting billions of devices worldwide!
4 days ago
This Bluetooth security flaw could be used to hijack Apple and Linux devices
Experts uncover new way to trick devices via Bluetooth
4 days ago
Refferences
CVSS V3.1
Timeline
- π΄
Public PoC available
Vulnerability started trending
- πΎ
Exploit known to exist
Vulnerability published
First article discovered by Theregister
Vulnerability Reserved