"🚨 Major Bluetooth Flaw in BlueZ: Keystroke Injection Risk! 🚨"
A Bluetooth vulnerability, CVE-2023-45866, has been uncovered, posing a significant threat to various devices. Discovered by Marc Newlin, this flaw in BlueZ allows unauthenticated devices to inject HID events, leading to potential keystroke injections and arbitrary command executions on affected devices. Particularly alarming, this vulnerability affects a wide range of operating systems including Android, Linux, macOS, and iOS, even those in Lockdown Mode.
Key details include:
- BlueZ not properly restricting non-bonded devices from injecting HID events into the input subsystem.
- Potential for an unauthenticated Peripheral role HID Device to establish an encrypted connection without user interaction, injecting HID messages.
- CVE-2023-45866 carries a critical severity rating with a CVSS base score of 9.8, indicating a high level of threat.
Marc Newlin's analysis highlights that this attack exploits an unauthenticated pairing mechanism within the Bluetooth specification, allowing fake keyboards to connect to target devices.
Stay vigilant and update your devices! 🛡️📱💻
Tags: #CyberSecurity #BluetoothVulnerability #BlueZ #CVE202345866 #KeystrokeInjection #DeviceSecurity #MarcNewlin #ThreatAlert
Sources:
- NVD: CVE-2023-45866
- Tenable: CVE-2023-45866 Details
- Hackread Article by Waqas: Bluetooth Vulnerability Report