Bluetooth Security Vulnerability Discovered, but Apple's Fix is Already in Place - MacRumors
Skip to Content

Bluetooth Security Vulnerability Discovered, but Apple's Fix is Already in Place

by

BluetoothIconXA newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.

The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.

From Intel's explanation:

A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.

As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.

According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.

For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.

Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.

Tag: Bluetooth

Top Rated Comments

Fall Under Cerulean Kites Avatar
Fall Under Cerulean Kites
102 months ago
This may result in information disclosure, elevation of privilege and/or denial of service.
Bluetooth pairing is so poor as it is, how would one even recognize they were being DoS’d?
Score: 10 Votes (Like | Disagree)
macduke Avatar
macduke
102 months ago
Why are Microsoft devices not affected? :oops:
Security through obscurity.
Score: 4 Votes (Like | Disagree)
macintoshmac Avatar
macintoshmac
102 months ago
Why are Microsoft devices not affected? :oops:
Score: 4 Votes (Like | Disagree)
m0sher Avatar
m0sher
102 months ago
I’m just impressed by the time we hear the news, it’s already been fixed. Good job. :)
Score: 3 Votes (Like | Disagree)
C
Cougarcat
102 months ago
Only High Sierra? Did the Sierra security update fix this?
Score: 3 Votes (Like | Disagree)
N
noraa
102 months ago
Why are Microsoft devices not affected? :oops:
Where are you reading that Microsoft products aren't affected? If you click on the first link in the article, it takes you to Intel's research notes on the vulnerability - Windows is listed as the first OS on how to fix the issue.

The vulnerability isn't in the OS, it's in the driver's. Apple produces their own drivers (for the most part), whereas Microsoft/Windows relies on 3rd party drivers from the device manufacturer Thus you wouldn't say Windows is vulnerable, but various Bluetooth devices and drivers are vulnerable on Windows.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

airpods pro 3 pink

New Apple Card Holders Can Get Free AirPods Pro 3, But There's a Catch

Monday May 18, 2026 8:11 am PDT by
Apple today launched a new promotion offering new Apple Card holders the chance to earn back the cost of AirPods Pro 3 through monthly cash rebates, but there is a recurring spend requirement attached. Customers who open a new Apple Card account and purchase AirPods Pro 3 directly from Apple by June 15 will qualify. Starting July 1 and running through April 30, 2027, cardholders can earn $25 ...
Read Full Article83 comments
Foldable iPhone 2023 Feature 1

Foldable iPhone Production Stalls Amid Hinge Issues

Monday May 18, 2026 7:29 am PDT by
Trial production of Apple's long-anticipated foldable iPhone, likely called the "iPhone Ultra," has run into a significant engineering hurdle centered on hinge reliability, according to a known leaker. The leaker known as "Instant Digital" posted on Weibo that the foldable device's hinge is consistently failing to meet Apple's quality control standards under conditions of prolonged,...
Read Full Article119 comments
wwdc apple park in person

Apple Announces WWDC 2026 Schedule, Sends Media Invites

Monday May 18, 2026 10:23 am PDT by
Apple today provided a schedule for its 2026 Worldwide Developers Conference, which starts on June 8 and ends on June 12. Apple also sent out invites to members of the media who have been invited to attend an in-person keynote viewing at Apple Park. Both the invites and schedule confirm that the keynote will begin at the standard time, 10:00 a.m. Pacific Time or 1:00 p.m Eastern Time....
Read Full Article34 comments