PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors. The vulnerabilities, dubbed PerfektBlue, can be fashioned...
PT-2025-29081
Name of the Vulnerable Software and Affected Versions: OpenSynergy BlueSDK (aka Blue SDK) versions through 6.x. Description: The BlueSDK Bluetooth stack contains an Improper Input Validation flaw. The issue stems from insufficient validation of the remote L2CAP channel ID (CID). An attacker can exploi...
CVE-2024-36842
An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17, Hardware part Number F57LV3.220220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component...
PT-2025-16356
Name of the Vulnerable Software and Affected Versions: Oncord+ Android Infotainment Systems version Android 12 Description: The issue allows a remote attacker to execute arbitrary code via the ADB port component. Recommendations: For Oncord+ Android Infotainment Systems version Android 12, consid...
1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers
New research shows at least a million inexpensive Android devices—from TV streaming boxes to car infotainment systems—are compromised to allow bad actors to commit ad fraud and other cybercrime...
CVE-2024-8360
Visteon Infotainment REFLASHDDUExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerabilit...
CVE-2024-8359
Visteon Infotainment REFLASHDDUFindFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability...
(0Day) Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration o...
Judge rules it’s fine for car makers to intercept your text messages
A federal judge has refused to bring back a class action lawsuit that alleged four car manufacturers had violated Washington state’s privacy laws by using vehicles’ on-board infotainment systems to record customers’ text messages and mobile phone call logs. The judge ruled that the practice doesn...
FTC Releases Alert on Securing Personal Information When Using Rental Vehicles
The Federal Trade Commission (FTC) has released recommendations for consumers to protect their personal data when using rental vehicles. Rental vehicles may contain infotainment systems that can connect with personal devices to stream music, allow hands-free calls and texts, or guide navigation...
Connected Cars' Cybersecurity Falls Short
As automakers rush to market connected cars to feed drivers hungry for collision avoidance systems and self-parking features, security experts are urging the industry to pump its brakes and prioritize their cars’ cyber defenses. In a report released Tuesday by IDC and the security firm...