Android users at risk from Bluetooth hijack attack, and are warned of “short distance worm” threat





Google has issued a security bulletin regarding vulnerabilities in the Android operating system that could put users’ devices at risk.

One of the vulnerabilities, given a severity rating of “Critical” by Google, relates to a flaw that could allow an attacker, within range of a device’s Bluetooth signal, to run malicious code without requiring any interaction from the user.


Researchers at ERNW, who discovered the security vulnerability (dubbed CVE-2020-0022), described it as follows:



“On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm).”



Worryingly, Android 8.0-9.0 account for over 60% of the Android devices in use.





Android OS version market share worldwide, February 2020. Source: gstatcounter.com

The researchers go on to explain that for technical reasons the vulnerability cannot be exploited on Android 10, but may cause the Bluetooth daemon to crash. It is not yet known if versions of Android prior to 8.0 are at risk.


ERNW reported the vulnerability to Microsoft on November 3, 2019, and a patch has been in the works since then.


Google informed other Androi ..
