Security News > 2020 > February > Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed
A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution attacks - without any user interaction.
Researchers on Thursday revealed further details behind the critical Android flaw, which was patched earlier this week as part of Google's February Android Security Bulletin.
The RCE bug poses as a critical-severity threat to Android versions Pie and Oreo, which account for almost two-thirds of Android devices at this point, if they have enabled Bluetooth.
The flaw is particularly dangerous because no user interaction is required and only the Bluetooth MAC address of the target devices has to be known to launch the attack, researchers said.
In 2019, researchers found a critical vulnerability impacting the Android core system related to the Bluetooth component "l2c lcc proc pdu".
News URL
https://threatpost.com/critical-android-bluetooth-bug-enables-rce-no-user-interaction-needed/152699/
Related news
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)