Skip to main content

BlueBorne Bluetooth Vulnerabilities

A number of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released. These vulnerabilities collectively affect Windows, OS X, and Linux-kernel-based operating systems including Android and Tizen.
Threat ID:
CC-1635
Category:
Threat Severity:
Medium
Threat Vector:
Published:
13 September 2017 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A number of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released. These vulnerabilities collectively affect Windows, OS X, and Linux-kernel-based operating systems including Android and Tizen.

Affected platforms

The following platforms are known to be affected:

Bluetooth

All Bluetooth enabled devices.

Threat details

These vulnerabilities allow an unauthenticated attacker to perform commands on the device.

The following vulnerabilities have been identified in various Bluetooth implementations:

  • CVE-2017-1000251 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 
  • CVE-2017-1000250 - Out-of-bounds Read 
  • CVE-2017-0785 - Out-of-bounds Read
  • CVE-2017-0781 - Heap-based Buffer Overflow
  • CVE-2017-0782  - Integer Underflow (Wrap or Wraparound)
  • CVE-2017-14315  - Heap-based Buffer Overflow
  • CVE-2017-0783 and CVE-2017-8628 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Remediation steps

Type Step
  • If your using a Bluetooth enabled Microsoft product, apply their September security patches.
  • Check your device manufacturer for a firmware update.
  • Users should consider disabling Bluetooth on affected devices if Bluetooth is unused or unnecessary.

Last edited: 17 February 2020 11:27 am