Google and Intel have just unveiled a new Bluetooth flaw, called BleedingTooth, which concerns the Linux operating system. It allows access to a machine within range without any interaction on the targeted device. A Linux kernel update is already available.
You will also be interested
[EN VIDÉO] What is a cyberattack? With the development of the Internet and the cloud, cyberattacks are more and more frequent and sophisticated. Who is behind these attacks and for what purpose? What are the hackers’ methods and what are the most massive cyber attacks?
Definitely, bluetooth is still the victim of a new fault. This time, it is the devices using the operating system Linux that are affected. The problem was exposed on Twitter by Andy Nguyen, engineer at Google, who baptized him BleedingTooth.
does not communicate technical details, but promises an upcoming publication on the google official blog.BleedingTooth is a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices.
— Andy Nguyen (@theflow0) October 13, 2020
The researcher also shared a video that shows the exploitation of the fault to launch the calculator without any intervention on the victim device. The vulnerability is at the level of BlueZ, the stack of protocol Bluetooth used in Linux since kernel version 2.4.6. It therefore concerns computers Linux, but also many connected objects. Mobiles Android are however spared.
A demonstration of the flaw BleedingTooth, without any interaction on the victim device. © Andy Nguyen
Linux kernel update is available
Intel also posted a security advisory on this flaw, under reference CVE-2020-12351. The firm assigns it a severity of 8.3 out of 10, and details three distinct elements that allow elevation of privileges, disclosure of information and an attack of the type denied service.
Intel recommends updating the linux kernel to version 5.10 which is not impacted. For those who can’t, the company has included a list of patch links in its post. If this flaw is severe, the risk must be put into perspective since the attacker must be within range of the targeted device. However, updates are rare on connected objects, which may remain vulnerable until they are replaced.
Interested in what you just read?
Source link by https://www.futura-sciences.com/tech/actualites/cybersecurite-google-intel-mettent-garde-faille-critique-linux-83649/
*The article has been translated based on the content of Source link by https://www.futura-sciences.com/tech/actualites/cybersecurite-google-intel-mettent-garde-faille-critique-linux-83649/
. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!
These were the details of the news Google and Intel warn of critical flaw in Linux for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at en24news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.
