Bluetooth “BlueBorne” Vulnerabilities - NL

Lenovo Security Advisory: LEN-17125

Potential Impact: Remote code execution

Severity: High

Scope of Impact: Industry wide

CVE Identifier: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-8628, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251

Summary Description:

A collection of Bluetooth implementation vulnerabilities known as “BlueBorne” have been identified that affect Windows, iOS, and Linux-kernel-based operating systems. In worst case scenarios, these vulnerabilities allow an unauthenticated attacker to perform commands on affected devices.

Mitigation Strategy for Consumers (what you should do to protect yourself):

Patches are available in the latest patch releases from Windows (see Microsoft bulletin), iOS, Linux providers, and Android (see September 2017 security bulletin).

U.S.-based phone and other mobile device users running Android are advised to regularly check this advisory page. Due to the complexity of the U.S. mobile ecosystem, which typically requires manufacturer and carrier support to push updates, updates are in progress. Users are encouraged to accept updates to their Android device upon receiving notifications to update their operating system.

If an update is not available, affected users should consider disabling Bluetooth on affected devices if Bluetooth is unused or unnecessary.

Product Impact: