Security News > 2020 > February > Android owners – you'll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw

Android owners – you'll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw
2020-02-07 06:04

Google has posted the February security updates for Android, including for a potentially serious remote code execution flaw in Bluetooth.

Designated CVE-2020-0022, the flaw was discovered and reported by researchers with German company ERNW who say a fix has been in the works since November.

"On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled," the team explained.

"No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address."

In the meantime, ERNW advises those worried about the flaw to switch to wired headphones and make sure their devices are not in discovery mode in public.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/07/android_bluetooth_flaw/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-02-13 CVE-2020-0022 Incorrect Calculation vulnerability in multiple products
In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation.
low complexity
google huawei CWE-682
8.8
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Android 4 0 17 2 0 19
Bluetooth 4 3 10 3 0 16