Security News > 2020 > February > Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed
A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution attacks - without any user interaction.
Researchers on Thursday revealed further details behind the critical Android flaw, which was patched earlier this week as part of Google's February Android Security Bulletin.
The RCE bug poses as a critical-severity threat to Android versions Pie and Oreo, which account for almost two-thirds of Android devices at this point, if they have enabled Bluetooth.
The flaw is particularly dangerous because no user interaction is required and only the Bluetooth MAC address of the target devices has to be known to launch the attack, researchers said.
In 2019, researchers found a critical vulnerability impacting the Android core system related to the Bluetooth component "l2c lcc proc pdu".
News URL
https://threatpost.com/critical-android-bluetooth-bug-enables-rce-no-user-interaction-needed/152699/
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)