[rwth-security] Exploiting 0-click Android Bluetooth vulnerability to inject

23 Jan 2024


      Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] FYI
"Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing"
--> critical vulnerabilities (CVE-2023-45866, CVE-2024-21306) in Bluetooth
--> can be exploited to inject keystrokes without user confirmation – by
        accepting any Bluetooth pairing request
--> affect Android, Linux, macOS, iOS, and Windows operating systems
ein PoC findet sich auf [1]
VG
Bernd
[0]
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetoot...
[1]
https://github.com/marcnewlin/hi_my_name_is_keyboard
-- 

Bernd Kohler

IT Center
Abteilung: Netze
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler@itc.rwth-aachen.de
https://www.itc.rwth-aachen.de

Social Media Kanäle des IT Centers:
https://blog.rwth-aachen.de/itc/
https://www.facebook.com/itcenterrwth
https://www.linkedin.com/company/itcenterrwth
https://twitter.com/ITCenterRWTH
https://www.youtube.com/c/ITCenterRWTHAachen

2024

2023

2022

2021

2020

2019

2018

[rwth-security] Exploiting 0-click Android Bluetooth vulnerability to inject