Security News > 2020 > February > Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed
A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution attacks - without any user interaction.
Researchers on Thursday revealed further details behind the critical Android flaw, which was patched earlier this week as part of Google's February Android Security Bulletin.
The RCE bug poses as a critical-severity threat to Android versions Pie and Oreo, which account for almost two-thirds of Android devices at this point, if they have enabled Bluetooth.
The flaw is particularly dangerous because no user interaction is required and only the Bluetooth MAC address of the target devices has to be known to launch the attack, researchers said.
In 2019, researchers found a critical vulnerability impacting the Android core system related to the Bluetooth component "l2c lcc proc pdu".
News URL
https://threatpost.com/critical-android-bluetooth-bug-enables-rce-no-user-interaction-needed/152699/
Related news
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version (source)