Security News > 2020 > February > Critical Bluetooth Vulnerability Exposes Android Devices to Attacks
One of the security flaws that Google addressed with the February 2020 set of Android patches is a critical vulnerability in Bluetooth that could lead to code execution.
While no user interaction is required for the attack to be successful, the adversary needs to know the target device's Bluetooth MAC address and Bluetooth has to be enabled.
Devices running Android versions older than 8.0 might be impacted as well, but the researcher says that impact on those devices hasn't been evaluated yet.
Only the Android Bluetooth Stack is affected by the vulnerability.
For devices that have yet to receive a patch or which are no longer supported, mitigation steps include keeping Bluetooth disabled at all times, and only enabling it when strictly necessary, as well as ensuring that the device is non-discoverable when Bluetooth is enabled.
News URL
Related news
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)