A newly disclosed vulnerability (CVE-2019-9506) in the Bluetooth Core Specification can be exploited by attackers to intercept and manipulate Bluetooth communications/traffic between two vulnerable devices.
Researchers Daniele Antonioli, Nils Ole Tippenhauer and Kasper Rasmussen discovered the flaw and demonstrated a practical Key Negotiation Of Bluetooth (KNOB) attack taking advantage of it.
They also shared their discovery with the Bluetooth Special Interest Group (Bluetooth SIG), the CERT Coordination Center, and members of the International Consortium for Advancement of Cybersecurity on the Internet (ICASI), which include Intel, Microsoft, Cisco, Juniper and IBM. Most of these have already implemented the fixes required to prevent exploitation of the flaw.
