Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google android 4.2.2 |
||
google android 6.0.1 |
||
google android 10.0 |
||
google android 11.0 |
||
google android 13.0 |
||
google android 14.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 20.04 |
||
canonical ubuntu linux 22.04 |
||
canonical ubuntu linux 23.10 |
||
apple iphone_os 16.6 |
||
apple macos 12.6.7 |
||
apple macos 13.3.3 |
||
fedoraproject fedora 38 |
||
fedoraproject fedora 39 |
||
apple macos |
||
apple iphone os |
||
apple ipad os |
||
debian debian linux 10.0 |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Issue has been around since at least 2012
A years-old Bluetooth authentication bypass vulnerability allows miscreants to connect to Apple, Android and Linux devices and inject keystrokes to run arbitrary commands, according to a software engineer at drone technology firm SkySafe. The bug, tracked as CVE-2023-45866, doesn't require any special hardware to exploit, and the attack can be pulled off from a Linux machine using a regular Bluetooth adapter, says Marc Newlin, who found the flaw and reported it to Apple, Google, Canonical, and B...