Critical Bluetooth Vulnerability Exposes Android Devices to Attacks

One of the security flaws that Google addressed with the February 2020 set of Android patches is a critical vulnerability in Bluetooth that could lead to code execution.
While no user interaction is required for the attack to be successful, the adversary needs to know the target device's Bluetooth MAC address and Bluetooth has to be enabled.
Devices running Android versions older than 8.0 might be impacted as well, but the researcher says that impact on those devices hasn't been evaluated yet.
Only the Android Bluetooth Stack is affected by the vulnerability.
For devices that have yet to receive a patch or that are no longer supported, mitigation steps include keeping Bluetooth disabled and enabling it only when strictly necessary, as well as ensuring that the device is non-discoverable whenever Bluetooth is enabled.