BluetoothIconXA newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.

The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.

From Intel's explanation:

A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.

As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.

According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.

For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.

Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.

Tag: Bluetooth

Top Rated Comments

Fall Under Cerulean Kites Avatar
Fall Under Cerulean Kites
68 months ago
This may result in information disclosure, elevation of privilege and/or denial of service.
Bluetooth pairing is so poor as it is, how would one even recognize they were being DoS’d?
Score: 10 Votes (Like | Disagree)
macintoshmac Avatar
macintoshmac
68 months ago
Why are Microsoft devices not affected? :oops:
Score: 4 Votes (Like | Disagree)
macduke Avatar
macduke
68 months ago
Why are Microsoft devices not affected? :oops:
Security through obscurity.
Score: 4 Votes (Like | Disagree)
Cougarcat Avatar
Cougarcat
68 months ago
Only High Sierra? Did the Sierra security update fix this?
Score: 3 Votes (Like | Disagree)
m0sher Avatar
m0sher
68 months ago
I’m just impressed by the time we hear the news, it’s already been fixed. Good job. :)
Score: 3 Votes (Like | Disagree)
fairuz Avatar
fairuz
68 months ago
Yo, maybe we can exploit this instead of fixing it. That way I can finally forcibly auto-pair my stuff instead of going through the painful pairing process manually!

Jokes aside, this is yet another reason I keep Bluetooth disabled forever (the other big one being that it's a PitA). It's like Adobe Flash, a new vulnerability every few months.
[doublepost=1532463234][/doublepost]
Only High Sierra? Did the Sierra security update fix this?
HS, Sierra, and El Cap are patched: https://support.apple.com/en-us/HT208937
Edit: Not actually sure cause the Bluetooth subsection says something different.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

Multi Display CarPlay 1

All-New Apple CarPlay Launching Later This Year With These 5 New Features

Friday September 29, 2023 11:29 am PDT by
At WWDC 2022 last year, Apple previewed the next generation of CarPlay, promising deeper integration with vehicle functions like A/C and FM radio, support for multiple displays across the dashboard, personalization options, and more. Apple said the first vehicles with support for the next-generation CarPlay experience would be announced in late 2023, but it has still not shared any additional...
Read Full Article
BMW Logo iPhone 15 Pro

Warning: BMW Wireless Charging May Break iPhone 15's Apple Pay Chip

Sunday October 1, 2023 6:14 am PDT by
If you have an iPhone 15 and drive a BMW, it might be best to avoid charging the device with the vehicle's wireless charging pad for now. Over the past week, some BMW owners have complained that their iPhone 15's NFC chip no longer works after charging the device with their vehicle's wireless charging pad, according to comments shared on the MacRumors Forums and X, formerly known as Twitter. ...
Read Full Article435 comments
iPhone 15 Pro lineup

Apple to Address iPhone 15 Pro Overheating Issue With iOS 17 Update

Saturday September 30, 2023 9:28 am PDT by
Apple plans to release an iOS 17 update to address a bug that may contribute to the reported iPhone 15 Pro and iPhone 15 Pro Max overheating issue, according to a statement the company shared today with MacRumors and Forbes reporter David Phelan. Apple also says some recent updates to third-party apps have overloaded the system and contributed to the overheating issue. The report notes that...
Read Full Article319 comments
iphone se 4 modified flag edges

iPhone SE 4 Details: Action Button, USB-C Port, Face ID, and More

Wednesday September 27, 2023 1:34 pm PDT by
Significant changes are expected to arrive with Apple's fourth-generation iPhone SE, in terms of both design and hardware, MacRumors has learned. The iPhone SE 4, known internally under the codename Ghost, is expected to receive a new design derived almost entirely from the base model iPhone 14. According to our sources, the iPhone SE 4 will use a modified version of the iPhone 14 chassis...
Read Full Article151 comments
iPhone 16 Side Feature

iPhone 16 and 16 Pro: Preliminary Weights and Dimensions

Friday September 29, 2023 12:34 pm PDT by
MacRumors has obtained preliminary information on the weights and dimensions planned for the iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max. The information corroborates previous reports suggesting that the iPhone 16 Pro and 16 Pro Max will feature larger displays. iPhone 16 and 16 Plus Current information suggests that the iPhone 16 and 16 Plus will maintain the same...
Read Full Article149 comments
uk bank account apple wallet 2

Apple Wallet's New Bank Account Feature Likely to Expand to U.S.

Friday September 29, 2023 8:11 pm PDT by
Starting with the iOS 17.1 beta released this week, iPhone users in the U.K. can add debit and credit cards from select banks in the country to the Wallet app and view their available balances and latest transactions for those accounts. Apple calls this feature Connected Cards, and it's currently available in the U.K. only, but there is now evidence to suggest it will expand to the U.S. in...
Read Full Article53 comments
iPhone 15 Pro Cameras

Apple Says iPhone 15 Pro's Titanium Frame Does Not Contribute to Overheating Issue

Saturday September 30, 2023 11:10 am PDT by
Apple today said it plans to release an iOS 17 software update with a bug fix for the iPhone 15 Pro and iPhone 15 Pro Max overheating issue, and the company has since shared additional details about the matter with MacRumors. Importantly, Apple said the issue is not related to the titanium frame. Contrary to a report this week, Apple said the iPhone 15 Pro's design does not contribute to...
Read Full Article512 comments