BluetoothIconXA newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.

The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.

From Intel's explanation:

A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.

As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.

According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.

For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.

Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.

Tag: Bluetooth

Top Rated Comments

Fall Under Cerulean Kites Avatar
Fall Under Cerulean Kites
84 months ago
This may result in information disclosure, elevation of privilege and/or denial of service.
Bluetooth pairing is so poor as it is, how would one even recognize they were being DoS’d?
Score: 10 Votes (Like | Disagree)
macintoshmac Avatar
macintoshmac
84 months ago
Why are Microsoft devices not affected? :oops:
Score: 4 Votes (Like | Disagree)
macduke Avatar
macduke
84 months ago
Why are Microsoft devices not affected? :oops:
Security through obscurity.
Score: 4 Votes (Like | Disagree)
Cougarcat Avatar
Cougarcat
84 months ago
Only High Sierra? Did the Sierra security update fix this?
Score: 3 Votes (Like | Disagree)
m0sher Avatar
m0sher
84 months ago
I’m just impressed by the time we hear the news, it’s already been fixed. Good job. :)
Score: 3 Votes (Like | Disagree)
fairuz Avatar
fairuz
84 months ago
Yo, maybe we can exploit this instead of fixing it. That way I can finally forcibly auto-pair my stuff instead of going through the painful pairing process manually!

Jokes aside, this is yet another reason I keep Bluetooth disabled forever (the other big one being that it's a PitA). It's like Adobe Flash, a new vulnerability every few months.
[doublepost=1532463234][/doublepost]
Only High Sierra? Did the Sierra security update fix this?
HS, Sierra, and El Cap are patched: https://support.apple.com/en-us/HT208937
Edit: Not actually sure cause the Bluetooth subsection says something different.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

apple wallet drivers license feature iPhone 15 pro

Apple Plans to Expand iPhone Driver's Licenses to These 7 U.S. States

Thursday January 2, 2025 6:45 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Below, we outline which U.S. states and territories offer the feature, and additional states that have committed to rolling it out in...
Read Full Article128 comments
MacBook Air 15 Inch Feature Purple

New MacBook Air Models Coming Soon With These Rumored Features

Thursday January 2, 2025 6:42 am PST by
One of Apple's first product announcements of 2025 will likely be updated 13-inch and 15-inch MacBook Air models with the M4 chip. Below, we recap rumors about the next MacBook Air models. New Features Expected The new MacBook Air models are expected to be equipped with Apple's already-released M4 chip, which has a 10-core CPU and a 10-core GPU. Apple already updated the MacBook...
Read Full Article68 comments
iPhone 17 Slim Feature Single Camera 1 Redux

iPhone 17 Air's Thickness and Price Range Revealed in New Report

Friday January 3, 2025 7:16 am PST by
Apple is widely rumored to be planning an ultra-thin iPhone 17 model for release later this year, and a new report offers a few purported details. South Korea's Sisa Journal today reported that Apple is aiming for the so-called "iPhone 17 Air" to be 6.25mm thick. If that measurement ends up being accurate, the device would become the thinnest iPhone ever, topping the current 6.9mm record set ...
Read Full Article236 comments
apple vision pro

Apple Vision Pro May Now Be Out of Production

Tuesday December 31, 2024 2:00 pm PST by
Apple's first-generation Vision Pro headset may have now ceased production, following reports of reduced demand and production cuts earlier in the year. In October, The Information's Wayne Ma reported that Apple had abruptly reduced production of the Vision Pro headset ahead of potential plans to stop making the current version of the device completely by the end of 2024. With the year now...
Read Full Article369 comments
iPhone SE 4 Thumb 1

'iPhone SE 4' Rumored to Be Named 'iPhone 16E'

Wednesday January 1, 2025 8:31 am PST by
Apple is expected to release a fourth-generation iPhone SE in March, but it has been rumored that the device will have a different name. The device succeeding the third-generation iPhone SE will be named the iPhone 16E, according to a December 13 post from Fixed Focus Digital, an account with over two million followers on Chinese social media platform Weibo. On December 31, another leaker...
Read Full Article134 comments
aapl logo banner

Apple Broke a 13-Year Hardware Streak in 2024

Wednesday January 1, 2025 1:00 am PST by
For over a decade, Apple has consistently announced all-new hardware product lines, from the iPad in 2010 to the Vision Pro in 2023. But for the first time in 14 years, Apple failed to announce any major new hardware products in 2024, focusing solely on updates and refinements to its existing product lines. While Apple unveiled a large number of significant hardware refreshes in 2024, such...
Read Full Article112 comments
Generic iOS 18

Here's What's New in iOS 18.3 So Far

Friday January 3, 2025 11:58 am PST by
iOS 18.3 is currently in beta for developers and public beta testers. So far, the upcoming iPhone software update is very minor in scope. Below, we outline what is new in iOS 18.3 so far. The only potential new feature coming to iPhones with iOS 18.3 so far is robot vacuum support in the Home app, but this functionality is not yet live. Apple is laying the groundwork for the feature,...
Read Full Article
Tim Cook MacBook

Apple CEO Tim Cook Donating $1 Million to Trump's Inaugural Fund

Friday January 3, 2025 1:27 pm PST by
Apple CEO Tim Cook plans to donate $1 million to Donald Trump's inauguration fund, reports Axios. The donation will be a personal donation directly from Cook rather than a donation from Apple. Following Trump's win, Cook congratulated him on social media site X, and in December, Cook had dinner with Trump at Mar-a-Lago. Cook aimed to maintain a relationship with Trump during Trump's first...
Read Full Article574 comments