Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

Several vulnerabilities were announced in several implementations
of Bluetooth drivers.

Impacted products: iOS by Apple, iPhone, Android OS, Linux,
Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012,
Windows 2016, Windows 7, Windows 8, Windows RT, SUSE Linux
Enterprise Desktop, SLES, Unix (platform) not comprehensive,
WindRiver Linux.

Severity: 2/4.

Creation date: 12/09/2017.

Revisions dates: 13/09/2017, 13/09/2017.

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in several implementations
of Bluetooth drivers:
– Android : Information Leak Vulnerability (CVE-2017-0785) -
VIGILANCE-VUL-23741
– Android : Remote Code Execution Vulnerability #1
(CVE-2017-0781) - VIGILANCE-VUL-23741
– Android : Remote Code Execution vulnerability #2
(CVE-2017-0782) - VIGILANCE-VUL-23741
– Android : Man in The Middle attack (CVE-2017-0783) -
VIGILANCE-VUL-23741
– Windows : Man in The Middle attack (CVE-2017-8628) -
VIGILANCE-VUL-23826
– Linux : BlueZ Information leak vulnerability (CVE-2017-1000250)
– VIGILANCE-VUL-23829
– Linux : Kernel > 3.3 Stack overflow (CVE-2017-1000251) -
VIGILANCE-VUL-23830
– iOS : Remote code execution via Low Energy Audio Protocol
(CVE-2017-14315) - mitigated by iOS 10

This bulletin serves as a cap because all these vulnerabilities
have been grouped under the name "BlueBorne". Individual bulletins
are referenced at the end of each line.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/Bluetooth-Drivers-multiple-vulnerabilities-23818