Bluetooth Security Vulnerability Discovered, but Apple's Fix is Already in Place

https://ift.tt/2G7aHxW

A newly discovered Bluetooth vulnerability that was published this week by Intel has the potential to allow a nearby hacker to gain unauthorized access to a device, intercepting traffic and sending forged pairing messages between two vulnerable Bluetooth devices.

The vulnerability affects Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, and Qualcomm.

From Intel's explanation:

A vulnerability in Bluetooth(R) pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth(R) devices. This may result in information disclosure, elevation of privilege and/or denial of service.

As BleepingComputer explains, Bluetooth-capable devices are not sufficiently validating encryption parameters in "secure" Bluetooth connections, leading to a weak pairing that can be exploited by an attacker to obtain data sent between two devices.

According to the Bluetooth Special Interest Group (SIG) it's not likely many users were impacted by the vulnerability.

For an attack to be successful, an attacking device would need to be within wireless range of two vulnerable Bluetooth devices that were going through a pairing procedure. The attacking device would need to intercept the public key exchange by blocking each transmission, sending an acknowledgment to the sending device, and then injecting the malicious packet to the receiving device within a narrow time window. If only one device had the vulnerability, the attack would not be successful.

Both Bluetooth and Bluetooth LE are affected. Apple has already introduced a fix for the bug on its devices (in macOS High Sierra 10.13.5/10.13.6, iOS 11.4, tvOS 11.4, and watchOS 4.3.1), so iOS and Mac users do not need to worry. Intel, Broadcom, and Qualcomm have also introduced fixes, while Microsoft says its devices are not affected.

Tag: Bluetooth

Discuss this article in our forums

from MacRumors: Mac News and Rumors - All Stories https://ift.tt/2LvtA0f

Comments

How to Get a MacBook or MacBook Pro Keyboard Repaired Free Under Apple's Service Program

https://ift.tt/2tocBCJ Apple has initiated a new worldwide service program offering free repairs of MacBook and MacBook models equipped with low-profile, butterfly mechanism keyboards, after the company determined that "a small percentage" of the keyboards may develop one or more of the following issues: Letters or characters repeat unexpectedly Letters or characters do not appear Key(s) feel "sticky" or do not respond in a consistent manner Apple or Apple Authorized Service Providers will service eligible MacBook and MacBook Pro keyboards free of charge. Apple says the process may involve the replacement of one or more keys or the whole keyboard. The following MacBook and MacBook Pro models are eligible for the program: MacBook (Retina, 12-inch, Early 2015) MacBook (Retina, 12-inch, Early 2016) MacBook (Retina, 12-inch, 2017) MacBook Pro (13-inch, 2016, Two Thunderbolt 3 Ports) MacBook Pro (13-inch, 2016, Four Thunderbolt 3 Ports) MacBook Pro...

How to like, comment, and add subscribers to shared photo albums on your iPhone, iPad, Mac, or PC

https://ift.tt/2q570On With iCloud Photo Sharing, you can share, like, and comment on photos and videos with friends and family around the world — no social media account needed. Making or subscribing to a shared photo album on iCloud is just the beginning: Once you're part of a shared album with your friends, family, or co-workers, you can add comments, like photos, invite more pals into the fray, and more. iCloud Photo Sharing: The ultimate guide If you want the social media experience without having to plaster your images across the internet, iCloud Photo Sharing offers some great tools for it. Here's how you can like your friends' images, add new people to an existing shared album, and add comment threads to photos and video. How to share albums with people who don't use iCloud How to add someone to a shared photo album How to remove someone from a shared photo album How to let other people add photos and video to your shared photo album How to like...

The Instant Pot Craze and How it's Disrupting Kitchens Everywhere

http://ift.tt/2InTBKj Pressure cooker? Slow cooker? Rice cooker? The Instant Pot is all of these things and more! The Canadian-designed Instant Pot is essentially a roided out slow cooker for half the price of most decent slow cookers on the market. There are several iterations of the Instant Pot, and it may just be able to replace every imaginable kitchen appliance you have. So what's the hubbub? Is the hype real? Let's take a look! See at Amazon What does it do? I think, in terms of kitchen capabilities, the better question is what doesn't the Instant Pot do? The lower-end versions have 6-in-1 functionality, while the Ultra, for example, can be a slow cooker, pressure cooker, rice cooker, yogurt maker, cake maker, egg cooker, sauté cooker, steamer, warmer, and sterilizer. Oh, and the 6-quart Ultra model is only $150 ... Somehow… Basically, the Instant Pot could be your tool for cooker just about everything. With many programmable cooking options, for everyt...

Apple Rumors

Search This Blog