Google and Intel warn of high-severity Bluetooth security bug in Linux

Yes, it's serious, but high severity doesn't necessarily mean high risk.

Google and Intel are warning of a high-severity Bluetooth flaw in all but the most recent version of the Linux kernel. While a Google researcher said the bug allows seamless code execution by attackers within Bluetooth range, Intel is characterizing the flaw as providing an escalation of privileges or the disclosure of information.

The flaw resides in BlueZ, the software stack that by default implements all Bluetooth core protocols and layers for Linux. Besides Linux laptops, it's used in many consumer or industrial Internet-of-things devices. It works with Linux versions 2.4.6 and later.

In search of details

So far, little is known about BleedingTooth, the name given by Google engineer Andy Nguyen, who said that a blog post will be published “soon.” A Twitter thread and a YouTube video provide the most detail and give the impression that the bug provides a reliable way for nearby attackers to execute malicious code of their choice on vulnerable Linux devices that use BlueZ for Bluetooth.

“BleedingTooth is a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices,” the researcher wrote. He said his discovery was inspired by research that led to BlueBorne, another proof-of-concept exploit that allowed attackers to send commands of their choice without requiring device users to click any links, connect to a rogue Bluetooth device, or take any other action short of having Bluetooth turned on.

BleedingTooth is a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices.

— Andy Nguyen (@theflow0) October 13, 2020

Below is the YouTube video demonstrating how the exploit works.

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

Intel, meanwhile, has issued this bare-bones advisory that categorizes the flaw as a privilege-escalation or information-disclosure vulnerability. The advisory assigned a severity score of 8.3 out of a possible 10 to CVE-2020-12351, one of three distinct bugs that comprise BleedingTooth.

“Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure,” the advisory states. “BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.”

Intel, which is a primary contributor to the BlueZ open source project, said that the most effective way to patch the vulnerabilities is to update to Linux kernel version 5.9, which was published on Sunday. Those who can’t upgrade to version 5.9 can install a series of kernel patches the advisory links to. Maintainers of BlueZ didn’t immediately respond to emails asking for additional details about this vulnerability.
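For administrators triaging hosts against that guidance, the following sketch is an added example and not code from Intel, Google or the BlueZ project. It assumes Bluetooth controllers appear as hci* entries under /sys/class/bluetooth; the function names and verdict strings are made up for illustration.

```sh
#!/bin/sh
# Added example: triage a Linux host against the fix version the advisory names (5.9).
FIXED_MAJOR=5
FIXED_MINOR=9

# Exit 0 if release string $1 (e.g. "5.8.0-25-generic") is >= 5.9,
# 1 if it is older, 2 if it cannot be parsed. Suffixes such as "-rc3" are ignored.
kernel_at_least_fixed() {
    rel=${1%%[!0-9.]*}                 # drop "-25-generic", "+", "-arch1" ...
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major.$minor" in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    [ "$major" -gt "$FIXED_MAJOR" ] && return 0
    [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ] && return 0
    return 1
}

# Exit 0 if at least one Bluetooth controller is registered with the kernel.
# sysfs is used so the check works whether the stack is built in or a module.
bt_adapter_present() {
    sysdir=${1:-/sys/class/bluetooth}
    for d in "$sysdir"/hci*; do
        [ -e "$d" ] && return 0
    done
    return 1
}

# Print one verdict for kernel release $1 and sysfs directory $2.
triage() {
    if ! bt_adapter_present "$2"; then echo "no-adapter"; return; fi
    kernel_at_least_fixed "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "fixed-upstream-version" ;;
        # Older version numbers are not proof of exposure: the kernel patches
        # the advisory links to may have been applied by the vendor.
        1) echo "check-vendor-backports" ;;
        *) echo "unknown-kernel-version" ;;
    esac
}

triage "$(uname -r)" /sys/class/bluetooth
```

A "check-vendor-backports" result means the version number alone cannot settle the question, so the distribution's own advisory for the installed kernel package is the authority.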
