CyberSecurityBoard
Sponsor Register Login

Critical Vulnerabilities in Bluetooth Protocol Stack Expose Millions of Devices to Remote Code Execution Attacks

PCA Cyber Security has reported to Cyber Security News that the attack utilizes a sophisticated exploitation chain, which combines four distinct vulnerabilities that can be executed with minimal user interaction, necessitating at most a single click from the targeted user. The exploit chain requires minimal user interaction and poses severe risks to in-vehicle infotainment (IVI) systems, potentially allowing attackers to access GPS coordinates, audio recordings, personal data, and perform lateral movement to critical vehicle electronic control units (ECUs). This sophisticated attack vector enables remote code execution (RCE) on millions of devices across automotive and other industries through a series of memory corruption and logical vulnerabilities. This memory corruption vulnerability occurs when the system fails to validate object existence before performing operations, allowing attackers to manipulate freed memory regions and execute arbitrary code. A new and critical security threat, PerfektBlue, has emerged, targeting OpenSynergy’s BlueSDK Bluetooth framework and posing an unprecedented risk to the automotive industry.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 10 Jul 2025 11:50:27 +0000


Cyber News related to Critical Vulnerabilities in Bluetooth Protocol Stack Expose Millions of Devices to Remote Code Execution Attacks

Unraveling the Wonders of Bluetooth - Continuing its evolution, Bluetooth 3.0 + HS arrived in 2009, introducing the concept of Bluetooth High Speed, leveraging Wi-Fi technology for faster data transfer over short distances. Bluetooth 4.0, introduced in 2010, marked a significant ...
1 year ago Feeds.dzone.com
CVE-2022-49910 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
CVE-2023-53057 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
CVE-2025-21969 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Undocumented commands found in Bluetooth chip used by a billion devices - Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions. "Tarlogic Security ...
4 months ago Bleepingcomputer.com
CVE-2021-47038 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock ...
1 year ago Tenable.com
CVE-2024-49950 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 ...
8 months ago Tenable.com
New BLUFFS attack lets attackers hijack Bluetooth connections - Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle attacks. Daniele Antonioli, who discovered the attacks, ...
1 year ago Bleepingcomputer.com CVE-2023-24023
Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover - Attackers can exploit a critical Bluetooth security vulnerability that's been lurking largely unnoticed for years on macOS, iOS, Android, and Linux device platforms. The keystroke injection vulnerability allows an attacker to control the targeted ...
1 year ago Darkreading.com CVE-2023-45866
Bluetooth Vulnerabilities Let Hackers Spy on Your Headphones and Earbuds - The vulnerabilities, identified by cybersecurity researchers at ERNW, affect devices using Airoha Systems on a Chip (SoCs) and impact popular brands including Sony, Marshall, Beyerdynamic, and Bose. These flaws expose a powerful custom protocol ...
2 weeks ago Cybersecuritynews.com
'Wall of Flippers' detects Flipper Zero Bluetooth spam attacks - A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. By detecting the attacks and identifying their origin, users can take targeted protection measures, and culprits can ...
1 year ago Bleepingcomputer.com
CVE-2024-53208 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: ...
6 months ago Tenable.com
Bluetooth Flaw Let Hackers Takeover of iOS & Android Devices - Bluetooth vulnerabilities in Android, Linux, macOS, iOS, and Windows are critical as hackers could exploit them to gain unauthorized access to the vulnerable devices. Such flaws in Bluetooth protocols enable the threat actors to steal sensitive data, ...
1 year ago Cybersecuritynews.com
Apple 'Find My' network can be abused to steal keylogged passwords - Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced ...
1 year ago Bleepingcomputer.com
Undocumented backdoor found in Bluetooth chip used by a billion devices - "In a context where you can compromise an IOT device with as ESP32 you will be able to hide an APT inside the ESP memory and perform Bluetooth (or Wi-Fi) attacks against other devices, while controlling the device over Wi-Fi/Bluetooth," explained the ...
4 months ago Bleepingcomputer.com
CVE-2024-58013 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
New Bluetooth Vulnerability Leak Your Passcode to Hackers During Pairing - To mitigate this risk, Bluetooth Core Specification 5.4 advises that devices should fail a pairing procedure if a peer’s public key X coordinate matches that of the local device, except when a debug key is used. This vulnerability, known as ...
9 months ago Cybersecuritynews.com CVE-2020-26558
Bluetooth Security Flaw Strikes Apple, Linux, and Android Devices - Vulnerabilities in the constantly changing technology landscape present serious risks to the safety of our online lives. A significant Bluetooth security weakness that affects Apple, Linux, and Android devices has recently come to light in the ...
1 year ago Cysecurity.news CVE-2023-45866
CVE-2024-53207 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task ...
6 months ago Tenable.com
CVE-2024-54460 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_listen_bis This fixes the circular locking dependency warning below, by releasing the socket lock before enterning iso_listen_bis, to avoid ...
6 months ago Tenable.com
CVE-2024-26890 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtek_data'. If btrtl driver is used with ...
1 year ago Tenable.com
CVE-2025-38118 - In the Linux kernel, the following vulnerability has been resolved: ...
1 week ago
20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
3 months ago Cybersecuritynews.com
CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)