Unauthenticated keystroke injection from BT on Android, Linux, macOS/iOS*
Unauthenticated keystroke injection from BT on Android, Linux, macOS/iOS*
github.com /skysafe/reblog/tree/main/cve-2023-45866
Unpatched devices are vulnerable under the following conditions:
- Android devices are vulnerable whenever Bluetooth is enabled
- Linux/BlueZ requires that Bluetooth is discoverable/connectable
- iOS and macOS are vulnerable when Bluetooth is enabled and a Magic Keyboard has been paired with the phone or computer
Time to disable Bluetooth on all your old android phones!
1
comments
In general you should disable bluetooth if you dont use it
3 0 Reply