Security News > 2020 > February > Critical Bluetooth Vulnerability Exposes Android Devices to Attacks
One of the security flaws that Google addressed with the February 2020 set of Android patches is a critical vulnerability in Bluetooth that could lead to code execution.
While no user interaction is required for the attack to be successful, the adversary needs to know the target device's Bluetooth MAC address and Bluetooth has to be enabled.
Devices running Android versions older than 8.0 might be impacted as well, but the researcher says that impact on those devices hasn't been evaluated yet.
Only the Android Bluetooth Stack is affected by the vulnerability.
For devices that have yet to receive a patch or which are no longer supported, mitigation steps include keeping Bluetooth disabled at all times, and only enabling it when strictly necessary, as well as ensuring that the device is non-discoverable when Bluetooth is enabled.
News URL
Related news
- FortiManager critical vulnerability under active attack (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)