Cyber-security firm ERNW has discovered a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process. According to the firm devices that run on Android 8.0 to 9.0 can be attacked by an attacker within proximity that can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. In order to get access only the Bluetooth MAC address of the target is required. This vulnerability will eventually lead to the theft of personal data and could potentially be used to spread malware. ARNW in its report said, “On Android 10, this vulnerability is not exploitable for technical reasons and only results in a crash of the Bluetooth daemon.” It further explained that “Android versions even older than 8.0 might also be affected but we have not evaluated the impact.” The users of the smartphones with the above OS are advised to install the available security patch for the month of February 2020. You are also advised to enable Bluetooth only when it is necessary. It is recommended to use supported wire instead of connecting your headphones to Bluetooth. Another way to protect your phone is to keep your phone in non-discoverable mode while the Bluetooth is turned on. To check for available Android updates, go to Setting and then tap on About Phone option. Now check for updates and install if any latest update is available. For the latest gadget and tech news, and gadget reviews, follow us on Twitter, Facebook and Instagram. For newest tech & gadget videos subscribe to our YouTube Channel. You can also stay up to date using the Gadget Bridge Android App.
