PT-2023-1008
Marc Newlin · Published 2023-08-01 · Updated 2026-01-08 · CVE-2023-45866
CVSS v2.0: 8.3 (High)
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
BlueZ versions prior to the fixed version
Android versions prior to 11
Linux versions with vulnerable Bluetooth stacks
macOS versions with vulnerable Bluetooth stacks
iOS versions with vulnerable Bluetooth stacks
Description
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS, and iOS devices. The issue is an authentication bypass that lets an attacker connect to a susceptible device and inject keystrokes, achieving code execution as the victim. This could lead to remote escalation of privilege with no additional execution privileges needed, and no user interaction is required for exploitation. The number of potentially affected devices worldwide is not specified.
Recommendations
For BlueZ: Update to a version that includes the fix for the authentication bypass vulnerability.
For Android versions prior to 11: No solution is available yet. Consider disabling Bluetooth when not in use as a temporary workaround.
For Linux versions with vulnerable Bluetooth stacks: Update to a version that includes the fix for the authentication bypass vulnerability.
For macOS versions with vulnerable Bluetooth stacks: Update to a version that includes the fix for the authentication bypass vulnerability.
For iOS versions with vulnerable Bluetooth stacks: Update to a version that includes the fix for the authentication bypass vulnerability, such as iOS and iPadOS 17.2.
Exploit
Fix
RCE
Improper Authorization
Improper Authentication
Affected Products
AlmaLinux
Android
Astra Linux
CentOS
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
iOS