Discover Security Vulnerabilities News
Discover How To Secure My Firewall HOWTOs
BleedingTooth: Google drops full details of zero-click Linux Bluetooth bug chain leading to RCE
Google security researcher Andy Nguyen has disclosed long-awaited details of zero-click vulnerabilities in the Linux Bluetooth subsystem that allow nearby, unauthenticated attackers “to execute arbitrary code with kernel privileges on vulnerable devices”. Nguyen claims that his findings ultimately led to a safer, more stable kernel.
Dubbed ‘BleedingTooth’, the trio of security flaws were found in BlueZ, the open source, official Linux Bluetooth protocol stack found on Linux-based laptops and IoT devices.
Google security engineer Andy Nguyen dropped a technical write-up on Twitter on April 6 that exhaustively recounts how he discovered and chained the bugs to achieve remote code execution (RCE) on a Dell laptop running Ubuntu 20.04.1 without ‘victim’ interaction.