A vulnerability has been identified in various devices running different operating systems, including Android, Linux, iOS and macOS, that is exploitable while Bluetooth is enabled. An unauthenticated attacker within wireless range of the vulnerable devices could spoof the devices into pairing with a susceptible Bluetooth keyboard without requiring any user consent and inject malicious keystrokes to achieve code execution.
Bluetooth-enabled devices satisfying any of the following conditions:
It is strongly recommended to consult the product supplier and/or device manufacturer to determine whether the systems or devices are affected.
Successful exploitation of the vulnerability could lead to arbitrary code execution, escalation of privilege or spoofing on an affected device.
System administrators and users should check with their product vendors to confirm whether their devices are affected and whether patches are available. They should then apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.
As a security best practice, Bluetooth on affected devices should be disabled when not in use.