Is CVE-2023-45866 fixed on macOS Ventura and macOS Monterey?

Question

Level 1

5 points

Is CVE-2023-45866 fixed on macOS Ventura and macOS Monterey?

Hi all!

Recently a pretty critical bug was discovered in bluetooth implementation CVE-2023-45866. iOS and MacOS are vulnerable too. You can read more here https://github.com/skysafe/reblog/tree/main/cve-2023-45866.

I have noticed on Apple security release page (Apple security releases - Apple Support) that this bug was fixed for both:

MacOS Sonoma - About the security content of macOS Sonoma 14.2 - Apple Support
and IoS 17 - About the security content of iOS 17.2 and iPadOS 17.2 - Apple Support

However, I have not found any information that it was also fixed on older (yet still supported) MacOS versions - Ventura and Monterey.

Main questions is: Are macOS Ventura and macOS Monterey still vulnerable for CVE-2023-45866? Is only Sonoma fixed?

Thanks in advance!

MacBook Pro 13″, macOS 14.2

Posted on Jan 9, 2024 5:25 AM

Reply

Answer 1

Traxuss Author

Level 1

5 points

Jan 10, 2024 1:41 AM in response to dialabrain

Hi,

Thanks for Your answer!

Personally I do not agree that unauthorized keystroke injection is not a big deal. Many Apple users (vulnerability impacts not only Macs but also iOS) have bluetooth turned on all the time and use their devices frequently outside of their homes in crowded places. Of course bluetooth vulnerabilities require physical proximity but it does not change the fact that security specialists consider this bug as Critical. I do not think that it should be downplayed.

Nevertheless, I do not think that this is the most important element of this question. More important is the potential fact (I want to figure out is it true or not) that Apple might have released Fix for that critical vulnerability only for the newest devices (supporting Sonoma na iOS 17) and NOT for older, but still supported devices (Venture, Monterey and iOS 16). I think this is much more important element of that question.

Best Regards!

Reply

Answer 2

petaxx

Level 1

8 points

Mar 24, 2024 6:57 AM in response to dialabrain

The reason I am here is that I notice that someone is hacking my keyboard for sure. I live in an apartment block that is empty other than two residences, both are within 30 ft. There are live BlueTooth devices in close proximity. Someone is really messing with me. So I know what the problem is, I see it in action right in front of my eyes, and there is nothing short of turning off bluetooth to stop it. Which makes 1000s of dollars worth equipment, at best dysfunctional. Thanks Apple.

Reply

Answer 3

dialabrain

Level 10

135,569 points

Jan 9, 2024 5:45 AM in response to Traxuss

I don't know the answer but unless you expect a bad actor to be within 30 ft of your Macs I wouldn't worry too much about it. I'm certainly not.

Reply

Answer 4

dialabrain

Level 10

135,569 points

Jan 10, 2024 1:53 AM in response to Traxuss

You're welcome. The point I was trying to make is the chances of being the target of this particular vulnerability is next to nothing. You can certainly disagree. 😎

Reply

Is CVE-2023-45866 fixed on macOS Ventura and macOS Monterey?

Similar questions