Unauthenticated keystroke injection from BT on Android, Linux, macOS/iOS*
Open link in next tab
reblog/cve-2023-45866 at main · skysafe/reblog
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
SkySafe Miscellaneous Reverse Engineering Blog. Contribute to skysafe/reblog development by creating an account on GitHub.
Unpatched devices are vulnerable under the following conditions:
- Android devices are vulnerable whenever Bluetooth is enabled
- Linux/BlueZ requires that Bluetooth is discoverable/connectable
- iOS and macOS are vulnerable when Bluetooth is enabled and a Magic Keyboard has been paired with the phone or computer
Time to disable Bluetooth on all your old android phones!