A Bluetooth authentication bypass vulnerability, tracked as CVE-2023-45866, has been found to affect Apple, Android, and some Linux devices.
The bug allows attackers to connect to devices and inject keystrokes to execute arbitrary commands. It doesn’t require special hardware and can be exploited from a Linux machine using a regular Bluetooth adapter. The flaw was reported to Apple, Google, Canonical, and Bluetooth SIG. The security researcher who reported the issue is holding off on releasing the vulnerability details and proof of concept until everything has been patched. The vulnerability, which has been present since at least 2012, tricks the Bluetooth host state machine into pairing with a fake keyboard without user confirmation. While Linux fixed the issue in 2020, many Linux distributions, including Ubuntu, Debian, Fedora, Gentoo, Arch, and Alpine, left the fix disabled by default, leaving them vulnerable. Apple has acknowledged the report but hasn’t provided a patch timeline.
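An added example, not from the original segment or the researcher's write-up: a check a Linux administrator can run to see whether the fix is explicitly switched on. It assumes the fix the text refers to is controlled by the BlueZ `ClassicBondedOnly` option in the `[General]` section of `input.conf`, usually at `/etc/bluetooth/input.conf` (details not stated in this segment); the sample file contents are constructed.

```python
import configparser
import sys

# Constructed samples of an input.conf file (not taken from any real host).
SAMPLE_UNSET = "[General]\n#IdleTimeout=30\n#ClassicBondedOnly=true\n"
SAMPLE_DISABLED = "[General]\nClassicBondedOnly=false\n"
SAMPLE_ENABLED = "[General]\nUserspaceHID=true\nClassicBondedOnly = true\n"


def classic_bonded_only(conf_text):
    """Classify an input.conf as 'enforced', 'disabled' or 'unset'.

    'unset' means the key is absent or commented out, so the daemon falls
    back to its compiled-in default, which differs between BlueZ builds.
    """
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # keep key names case-sensitive
    try:
        parser.read_string(conf_text)
    except configparser.Error:
        return "unset"  # unparsable file: no explicit setting can be trusted
    value = parser.get("General", "ClassicBondedOnly", fallback=None)
    if value is None:
        return "unset"
    # Only an explicit true value counts as the fix being switched on.
    return "enforced" if value.strip() in ("true", "1") else "disabled"


if __name__ == "__main__":
    # Assumed default location; pass another path as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/bluetooth/input.conf"
    try:
        with open(path) as fh:
            state = classic_bonded_only(fh.read())
    except OSError:
        state = "unset"
    print(f"{path}: ClassicBondedOnly is {state}")
    # Non-zero exit lets a fleet audit flag hosts without an explicit fix.
    sys.exit(0 if state == "enforced" else 1)
```

A result of `unset` is not proof of exposure; it means the host relies on whatever default its installed BlueZ package was built with, so setting the option explicitly and restarting the Bluetooth service removes the ambiguity.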
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
https://www.theregister.com/2023/12/06/bluetooth_bug_apple_linux/
This segment was created for the It’s 5:05 podcast
https://505updates.com/2023-12-08-cybersecurity-and-open-source-headlines/