Skip to Content

Bluetooth Security Vulnerability Discovered, but Apple's Fix is Already in Place

by

BluetoothIconXA newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.

The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.

From Intel's explanation:

A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.

As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.

According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.

For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.

Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.

Tag: Bluetooth

Top Rated Comments

Fall Under Cerulean Kites Avatar
Fall Under Cerulean Kites
99 months ago
This may result in information disclosure, elevation of privilege and/or denial of service.
Bluetooth pairing is so poor as it is, how would one even recognize they were being DoS’d?
Score: 10 Votes (Like | Disagree)
macintoshmac Avatar
macintoshmac
99 months ago
Why are Microsoft devices not affected? :oops:
Score: 4 Votes (Like | Disagree)
macduke Avatar
macduke
99 months ago
Why are Microsoft devices not affected? :oops:
Security through obscurity.
Score: 4 Votes (Like | Disagree)
C
Cougarcat
99 months ago
Only High Sierra? Did the Sierra security update fix this?
Score: 3 Votes (Like | Disagree)
m0sher Avatar
m0sher
99 months ago
I’m just impressed by the time we hear the news, it’s already been fixed. Good job. :)
Score: 3 Votes (Like | Disagree)
fairuz Avatar
fairuz
99 months ago
Yo, maybe we can exploit this instead of fixing it. That way I can finally forcibly auto-pair my stuff instead of going through the painful pairing process manually!

Jokes aside, this is yet another reason I keep Bluetooth disabled forever (the other big one being that it's a PitA). It's like Adobe Flash, a new vulnerability every few months.
[doublepost=1532463234][/doublepost]
Only High Sierra? Did the Sierra security update fix this?
HS, Sierra, and El Cap are patched: https://support.apple.com/en-us/HT208937
Edit: Not actually sure cause the Bluetooth subsection says something different.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

iphone fold text

iPhone Fold Crease Measurements Revealed as Device Hits Production

Wednesday February 25, 2026 5:37 am PST by
Apple has submitted production line orders for its upcoming foldable iPhone, effectively confirming that the device will launch this year, claims a Chinese leaker. According to the Weibo account "Fixed Focus Digital," assembly lines recently received the orders from Apple, which has apparently allowed the leaker to learn the crease measurements for the device's 7.8-inch inner display....
Read Full Article136 comments
Low Cost A18 Pro MacBook Feature Pink

Leaker Says Apple's Lower-Cost MacBook Will Have These 8 Limitations

Wednesday February 25, 2026 9:25 am PST by
Apple is expected to unveil its long-rumored lower-cost MacBook next week. Given it will be more affordable, this MacBook model will obviously have some reduced specs and compromises compared to the MacBook Air and MacBook Pro. While we are still waiting for Apple to announce the new MacBook, a leaker has shared eight alleged limitations to expect, based on an internal version of Apple's...
Read Full Article355 comments
m3 macbook pro blue

M5 Pro and M5 Max MacBook Pro: What to Expect

Wednesday February 25, 2026 3:02 pm PST by
Apple is working on a new MacBook Pro that could launch next week ahead of the "Special Experience" planned for March 4, so we thought we'd highlight all of the rumors about the device so far. Design There are no rumors of design changes, and we are expecting the upcoming M5 MacBook Pro models to look just like the M4 versions. Apple will continue to offer 14-inch and 16-inch size options,...
Read Full Article77 comments