Daffodil International University
Topic started by: maruf.swe on February 22, 2020, 01:36:22 AM
The flaw was recently patched in Android’s February Security Bulletin.
A critical vulnerability in the Bluetooth implementation on Android devices could allow attackers to launch remote code execution (RCE) attacks – without any user interaction.
Researchers on Thursday revealed further details behind the critical Android flaw (CVE-2020-0022), which was patched earlier this week as part of Google’s February Android Security Bulletin. The RCE bug poses a critical-severity threat to Android versions Pie (9.0) and Oreo (8.0, 8.1), which account for almost two-thirds of Android devices at this point, if they have enabled Bluetooth.
On these versions, researchers said that a remote attacker “within proximity” can silently execute arbitrary code with the privileges of the Bluetooth daemon, which is a program that runs in the background and handles specified tasks at predefined times or in response to certain events. The flaw is particularly dangerous because no user interaction is required and only the Bluetooth MAC address of the target devices has to be known to launch the attack, researchers said.
For more details: https://threatpost.com/critical-android-bluetooth-bug-enables-rce-no-user-interaction-needed/152699/