A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released. These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in worst case allow an unauthenticated attacker to perform commands on the device.
The following vulnerabilities have been identified in various Bluetooth implementations:
1. CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2017-1000251
An unauthenticated, remote attacker may be able to obtain private information about the device or user, or execute arbitrary code on the device.
Apply an update
Disable Bluetooth on your device
These vulnerabilities were publicly disclosed by Ben Seri and Gregory Vishnepolsky of Armis. Armis acknowledges Alon Livne for the Linux RCE (CVE-2017-1000251) exploit.
This document was written by Garret Wassermann.