About the security content of Xcode 16 – Apple Support

October 13, 2024 at 02:30PM Three security vulnerabilities in Xcode 16 include: CVE-2024-44162, which could allow malicious access to Keychain items; CVE-2024-40862, revealing Apple ID ownership; and CVE-2024-44191, enabling unauthorized Bluetooth access. Updates are available for macOS Sonoma 14.5 and later. Release date is September 16, 2024. ### Meeting Takeaways: **Release Information:** – **Product:** Xcode …

Apple AirPods Bug Allows Eavesdropping

June 26, 2024 at 04:48PM Apple released a firmware update for AirPods to fix a vulnerability that could allow unauthorized access. The CVE-2024-27867 vulnerability affects various Apple headphone models, enabling attackers in Bluetooth range to spoof a paired device and gain access. The update addresses the authentication issue and is automatically delivered to users’ devices. …

About the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 – Apple Support

June 25, 2024 at 11:13PM Summary: Apple ID HT214111 released update on 2024-06-25 addressing CVE-2024-27867, improving state management for Bluetooth. The update is available for AirPods (2nd gen and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro to prevent an attacker in Bluetooth range from gaining access to headphones during connection requests. …

VMware Patches Severe Security Flaws in Workstation and Fusion Products

May 14, 2024 at 12:18PM Multiple security flaws have been disclosed in VMware Workstation and Fusion products, impacting versions 17.x and 13.x. Exploitable by threat actors, these flaws allow access to sensitive information, DoS conditions, and code execution. Temporary workarounds are suggested until patches can be deployed, including turning off Bluetooth support and disabling 3D …

Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices

May 14, 2024 at 01:33AM Apple and Google have jointly launched a new feature, “Detecting Unwanted Location Trackers” (DULT), to notify users if a Bluetooth tracking device is being used without their knowledge. This move addresses privacy and safety concerns, particularly due to reports of such devices being misused for nefarious purposes. Additionally, Apple has …

Apple Patches Keystroke Injection Vulnerability in Magic Keyboard

January 12, 2024 at 06:15AM Apple announced a firmware update for the Magic Keyboard to fix a Bluetooth vulnerability disclosed by a SkySafe engineer. The vulnerability could allow attackers to inject keystrokes without authentication. The update, version 2.0.6, is being rolled out and reportedly mitigates the attack. Users can check for the update in their system …

About the security content of Magic Keyboard Firmware Update 2.0.6 – Apple Support

January 11, 2024 at 09:07AM A session management issue (CVE-2024-0230) impacting Bluetooth accessories was addressed with improved checks. The update, released on January 9, 2024, mitigates the risk of attackers extracting Bluetooth pairing keys and monitoring traffic. Affected products include various Magic Keyboards, with an available update to address the issue. Based on the meeting …

Android, Linux, Apple Devices Exposed to Bluetooth Keystroke Injection Attacks

December 8, 2023 at 06:42AM A Bluetooth vulnerability enables attackers to bypass authentication and perform keystroke injection on Android, Linux, and Apple devices. Meeting Takeaways: 1. A security vulnerability affecting Bluetooth connections on Android, Linux, and Apple devices has been identified. 2. This vulnerability allows attackers to execute a Bluetooth authentication bypass. 3. …

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

December 7, 2023 at 07:00AM A severe Bluetooth flaw (CVE-2023-45866) allows unauthorized control over Android, Linux, macOS, and iOS devices via keystroke injection without user permission, affecting devices since Android 4.2.2. The flaw was discovered by Marc Newlin; no specialized hardware is needed for exploitation, and full technical details are pending release. Meeting Key Takeaways – Critical Bluetooth …

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks

December 4, 2023 at 08:36AM New BLUFFS vulnerabilities, detailed in CVE-2023-24023 with a 6.8 CVSS score, compromise Bluetooth Classic’s forward and future secrecy by enabling adversaries to impersonate devices and intercept communications between paired devices. Researchers suggest mitigation by using secure connection modes and sufficient key entropy. Key Takeaways from the Meeting on Bluetooth Vulnerability …