BluetoothIconXA newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.

The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.

From Intel's explanation:

A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.

As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.

According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.

For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.

Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.

Tag: Bluetooth

Top Rated Comments

Fall Under Cerulean Kites Avatar
Fall Under Cerulean Kites
82 months ago
This may result in information disclosure, elevation of privilege and/or denial of service.
Bluetooth pairing is so poor as it is, how would one even recognize they were being DoS’d?
Score: 10 Votes (Like | Disagree)
macintoshmac Avatar
macintoshmac
82 months ago
Why are Microsoft devices not affected? :oops:
Score: 4 Votes (Like | Disagree)
macduke Avatar
macduke
82 months ago
Why are Microsoft devices not affected? :oops:
Security through obscurity.
Score: 4 Votes (Like | Disagree)
Cougarcat Avatar
Cougarcat
82 months ago
Only High Sierra? Did the Sierra security update fix this?
Score: 3 Votes (Like | Disagree)
m0sher Avatar
m0sher
82 months ago
I’m just impressed by the time we hear the news, it’s already been fixed. Good job. :)
Score: 3 Votes (Like | Disagree)
fairuz Avatar
fairuz
82 months ago
Yo, maybe we can exploit this instead of fixing it. That way I can finally forcibly auto-pair my stuff instead of going through the painful pairing process manually!

Jokes aside, this is yet another reason I keep Bluetooth disabled forever (the other big one being that it's a PitA). It's like Adobe Flash, a new vulnerability every few months.
[doublepost=1532463234][/doublepost]
Only High Sierra? Did the Sierra security update fix this?
HS, Sierra, and El Cap are patched: https://support.apple.com/en-us/HT208937
Edit: Not actually sure cause the Bluetooth subsection says something different.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

election results 2024 live activities

Track 2024 U.S. Election Results Live on Your iPhone Lock Screen

Tuesday November 5, 2024 5:02 am PST by
Apple News is providing Live Activities support for the 2024 U.S. presidential election, allowing iPhone and iPad users to track electoral results in real time directly from their Lock Screen. The feature is rolling out for U.S. users over the course of Election Day, November 5, providing continuous updates of the electoral count. So if you're interested, you don't need to repeatedly check...
Read Full Article170 comments
Generic iOS 18

Everything New in iOS 18.2 Beta 2

Monday November 4, 2024 12:34 pm PST by
Apple today seeded the second betas of upcoming iOS 18.2 and iPadOS 18.2 updates to developers, and Apple is continuing to refine the Apple Intelligence capabilities. There are also a handful of smaller features that are worth knowing about. Find My Find My has a new option to Share Item Location with an "airline or trusted person" that can help you locate something that you've misplaced....
Read Full Article61 comments
iCloud General Feature

Here's What's New in Apple's Updated iCloud Terms and Conditions Taking Effect Next Week

Friday September 13, 2024 7:39 am PDT by
Apple has started notifying users about an upcoming revision to its iCloud Terms and Conditions, which takes effect on Monday, September 16. We compared the text of the upcoming iCloud Terms and Conditions with the current U.S. version from September 18, 2023 and identified four key changes: "Apple ID" references have been changed to "Apple Account" throughout. iCloud users must agree to ...
Read Full Article63 comments
ipads early bf deals

The Best Early Black Friday iPad Deals

Tuesday November 5, 2024 7:02 am PST by
Black Friday is still a few weeks away, but you can already find great prices on numerous iPads, including the 9th generation iPad, 10th generation iPad, iPad Air, and iPad mini. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Of course, there is a chance that ...
Read Full Article15 comments
ios 18 2 chatgpt plus

iOS 18.2 Beta 2 Shows Siri ChatGPT Limit, Offers 'Plus' Upgrade Option

Monday November 4, 2024 10:54 am PST by
With the second beta of iOS 18.2 that's available for developers today, Apple has further fleshed out the ChatGPT integration that's available with Siri. In the Settings app, there's now a section that shows the ChatGPT daily limit, and offers an option to upgrade to the paid ChatGPT Plus plan. The beta includes an Advanced Capabilities section with a "Daily Limit" reading that shows up as...
Read Full Article105 comments
M4 MacBook Pros Thumb

M4 MacBook Pro Reviews: Processor Benchmarks Impress, New Nano-Texture Option Worth the Extra $150

Thursday November 7, 2024 6:14 am PST by
The first wave of reviews of Apple's new M4-powered MacBook Pro models were published this morning. We've collected some of the latest impressions from YouTube channels and select media outlets below. Apple last month announced the new 14-inch and 16-inch MacBook Pro models, adding next-generation M4, M4 Pro, and M4 Max chips, with Thunderbolt 5 ports on higher-end models, display and camera ...
Read Full Article55 comments
early apple watch black friday

The Best Early Black Friday Apple Watch Deals

Wednesday November 6, 2024 6:33 am PST by
Black Friday is just around the corner, and Apple Watch deals have begun appearing ahead of the shopping holiday on November 29. In this article, we'll take a look at all of the best early Black Friday Apple Watch deals, including the new Series 10 models. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small...
Read Full Article7 comments