Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Google and Intel are worried about a new Linux vulnerability

Image Description

A new Bluetooth flaw in all but the most recent version of the Linux Kernel has caught the attention of both Google and Intel which have both issued warnings about its severity.

The flaw itself resides in the BlueZ software stack that is used to implement Bluetooth core protocols and layers in Linux. In addition to being used in Linux laptops, the software stack is also used in many consumer devices as well as industrial IoT devices.

Google engineer Andy Nguyen has given the vulnerability the name BleedingTooth and in a recent tweet, he explained that it is actually “a set of zero-click vulnerabilities in the Linux Bluetooth subsystem that can allow an unauthenticated remote attacker in short distance to execute arbitrary code with kernel privileges on vulnerable devices”.

According to Nguyen, he was inspired by research that led to the discovery of another proof-of-concept exploit called BlueBorne that allows an attacker to send commands without requiring a user to click on links.

BleedingTooth

Although Nguyen has said that BleedingTooth allows seamless code execution by attackers within Bluetooth range, Intel instead believes the flaw provides a means for an attacker to achieve privilege escalation or to disclose information.

The chip giant has also issued an advisory in which it explained that BleedingTooth is actually comprised of three separate vulnerabilities tracked as CVE-2020-12351, CVE-2020-12352 and CVE-2020-24490. While the first vulnerability has a high-severity CVSS score of 8.3, the other two both have CVSS scores of 5.3. In its BlueZ advisory, Intel explained that Linux kernel fixes will be released soon, saying:

“Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure. BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities.”

Intel itself is one of the main contributors to the BlueZ open source project and according to the chipmaker, a series of kernel patches is the only way to address BleedingTooth. While concerning, the vulnerability isn't the kind of thing users should be afraid of as an attacker would need to be in close proximity of a vulnerable Linux device to exploit BleedingTooth.

Via Ars Technica

Date

16 Oct 2020

Sources


Share


Other Blog

  • This Raspberry Pi computer can shoot actual laser beams

    The contraption relies on computer vision and AI to detect and track mosquitoes.

    Read More
  • SEMRush adds PR-as-a-service

    SEMRush has acquired a 100 percent stake in the digital PR firm Prowley for an undisclosed sum.

    Read More
  • Is AMD Zen 5 coming to bury Intel's Alder Lake?

    Intel has a lot riding on its upcoming Alder Lake processors, so a rumored 3nm big.LITTLE chip from AMD is pretty bad news for Team Blue

    Read More
  • Zoom now lets you cut all video feeds

    Zoom has unveiled a number of updates and changes to its platform to help users enhance their video conferencing tools.

    This includes attendance status for Zoom Meetings, new features to enhance in-meeting engagement, and connections.

    But the company has also revealed a feature to stop all incoming video from appearing on their screen. Zoom says this should help photo-sensitive people avoid overstimulation from viewing multiple webcam feeds at once, but it will also help anyone looking to preserve bandwidth. 

    Reducing Zoom wait time

    Zoom also wanted to reduce the wait time before meetings, so has now enabled hosts to see whether everyone who accepted a meeting invite has joined the call. To those that did not, hosts will be able to send a quick chat message. This feature is also available for free users, and should be rolled out to licensed accounts “over the next few months”.

    There is also the ability for meeting participants to chat with the hosts in the meeting Waiting Room, and more certified hardware options have been added for Zoom Phone, while the tool can now be integrated with IFTTT and Zendesk.

    Finally, Zoom said it optimized its platform for Apple’s new MacBook Pro, including the M1 Pro and M1 Max, providing an “optimized, full-screen experience” on the new Liquid Retina XDR display.

    The news comes shortly after the company also announced new Zoom Events conference capabilities that allow full-scale events to be held online, including broader support for multi-day and multi-track events, session streaming to the lobby, enhanced sponsor and networking features. 

    Looking to up your video conferencing game? We've also rounded off the best headsets around right now

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us