CVE - CVE-2017-14315

CVE-ID
CVE-2017-14315	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:100816 URL:http://www.securityfocus.com/bid/100816 BUGTRAQ:20190514 APPLE-SA-2019-5-13-6 Apple TV Software 7.3 URL:https://seclists.org/bugtraq/2019/May/30 CONFIRM:https://support.apple.com/kb/HT210121 FULLDISC:20190513 APPLE-SA-2019-5-13-6 Apple TV Software 7.3 URL:http://seclists.org/fulldisclosure/2019/May/24 MISC:https://www.armis.com/blueborne
Assigning CNA
MITRE Corporation
Date Record Created
20170912	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20170912)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)