Security News > 2020 > February > Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed
A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution attacks - without any user interaction.
Researchers on Thursday revealed further details behind the critical Android flaw, which was patched earlier this week as part of Google's February Android Security Bulletin.
The RCE bug poses as a critical-severity threat to Android versions Pie and Oreo, which account for almost two-thirds of Android devices at this point, if they have enabled Bluetooth.
The flaw is particularly dangerous because no user interaction is required and only the Bluetooth MAC address of the target devices has to be known to launch the attack, researchers said.
In 2019, researchers found a critical vulnerability impacting the Android core system related to the Bluetooth component "l2c lcc proc pdu".
News URL
https://threatpost.com/critical-android-bluetooth-bug-enables-rce-no-user-interaction-needed/152699/
Related news
- CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (source)
- Progress warns of critical RCE bug in Telerik Report Server (source)
- Critical ServiceNow RCE flaws actively exploited to steal credentials (source)
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
- Critical Progress WhatsUp RCE flaw now under active exploitation (source)
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- SolarWinds fixes critical RCE bug affecting all Web Help Desk versions (source)
- Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)