Bluetooth security flaw requires updating to recent iOS, macOS versions


It's necessary to update your iPhone, iPad, or MacBook to remove a Bluetooth security flaw.
No more procrastinating. It's necessary to update your iPhone, iPad, or MacBook to remove a Bluetooth security flaw.
Photo: Apple

Many people are slow about updating the operating system on their phone or laptop, sometimes from fear of bugs. But a security flaw in Bluetooth requires updating to recent versions of iOS or macOS to fix.

This flaw could allow a hacker to access information exchanged over Bluetooth. And it affects recent and older iPhones and MacBooks.

When two Bluetooth devices pair, they exchange public keys to produce a shared private key. The U.S. Computer Emergency Response Team (CERT) at Carnegie Mellon’s Software Engineering Institute reports that a flaw in the Bluetooth implementation allows a hacker to surruptitiously obtain the private key, allowing them to “passively intercept and decrypt all device messages, and/or forge and inject malicious messages.”

“Every iPhone device with a Broadcom or Qualcomm chip is inherently vulnerable,” Lior Neumann, one of the researchers at the Israel Institute of Technology who discovered the bug, warned Forbes. This includes all the most recent models.

Apple isn’t being singled out. “As far as we know every Android — prior to the patch published in June — and every device with wireless chip of Intel, Qualcomm or Broadcom is vulnerable,” said Neumann.

Remove this Bluetooth security flaw by updating your devices

The Bluetooth SIG was informed of this problem, and updated the specification to fix it.  Apple was also notified in January, and already has patches for iPhone, iPad, MacBooks, iMac Pro, etc.

Even better, there’s a good chance you applied the fixes months ago. They were contained in late-May’s iOS 11.4 and in early-June’s macOS High Sierra 10.13.5. Anyone who’s on a more recent version of either operating system is also protected.

But those still on an out-of-date version of iOS or macOS are vulnerable to this Bluetooth security flaw. And now that it’s being publicly acknowledged and the details published, it’s possible the odds of it being used have increased.