Fixes for these issues affecting Android 11 to 14 are available for affected OEMs.
|No te pierdas nada y ¡Síguenos en Google News!
A Bluetooth vulnerability that has existed since at least 2012 could be jeopardizing the security of Android, Linux, MacOS, and iOS devices, as revealed in an update on GitHub by the bug tracker Marc Newlin.
This flaw allows hackers to gain access to Android devices, and in the case of Linux, if Bluetooth is detectable. Likewise, iOS and MacOS devices with Bluetooth enabled and a paired Magic Keyboard are also vulnerable.
The problem has existed since at least 2012
No special hardware is required for a malicious actor to exploit the vulnerability and compromise a device. Once connected, the hacker can pair a fake keyboard with the device without user confirmation, executing commands without their consent.
Google has been alerted to this issue, and the company states that there is a security solution for devices running Android 11 to 14. Compatible Pixel devices will receive the patch with the December security update.
However, this leaves devices running earlier versions of the operating system still vulnerable. In the case of ChromeOS, the only Linux-based operating system that has been patched, other distributions such as Ubuntu, Debian, Fedora, and Gentoo remain susceptible to hacking. Apple has also been informed of the vulnerability, but a resolution date has not been announced yet.
I omitted Bluetooth during the MouseJack research because I was intimidated and feared I wouldn't find anything. I finally decided to look, and it went about like you'd expect 🙂 https://t.co/WgRcakmk0k
— Marc Newlin (@marcnewlin) December 6, 2023
While companies are working on solutions, the delay in patches underscores the importance of staying informed about specific security issues for each device. For example, Google has a bug bounty program that pays bug hunters for reporting these issues, disbursing $4.8 million in 2022.
Note: This content has been translated with an artificial intelligence tool, so the translation may be slightly inaccurate. The original version written by our editor is the the Spanish version