Critical Bluetooth Vulnerability CVE-2023-45866 Affects Android, iOS, Linux, and macOS

A high‑severity Bluetooth vulnerability (CVE‑2023‑45866) discovered by SkySafe researcher Marc Newlin allows attackers to bypass authentication, pair a fake keyboard, and execute code on Android, iOS, Linux, and macOS devices. Google’s December Android security update already addresses the issue.

php中文网 Courses

On December 6, SkySafe researcher Marc Newlin published a GitHub blog post revealing a critical Bluetooth vulnerability (CVE‑2023‑45866) that impacts Android, iOS, Linux, and macOS devices.

The vulnerability is an authentication‑bypass flaw dating back to 2012; an attacker can trick the Bluetooth host into pairing a counterfeit keyboard without user confirmation, enabling code execution under the victim’s identity.

Newlin explained that the Bluetooth specification’s pairing mechanism lacks proper authentication at the lower layers, which the attacker exploits, and that full details and a proof‑of‑concept script will be demonstrated at an upcoming conference.

Emily Phelps, director at Cyware, noted that the exploit allows remote control of the victim’s device, potentially downloading apps, sending messages, or running arbitrary commands depending on the system.

Google’s December Android security update has already patched CVE‑2023‑45866.

For more detailed information, refer to the GitHub blog post: https://github.com/skysafe/reblog/tree/main/cve-2023-45866
