CVE-2017-14315

HIGH

iPhone OS 7-9 - Heap Overflow via LEAP Audio Command

Title source: llm

Description

In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100816
Technical Description, Third Party Advisory x_refsource_misc
https://www.armis.com/blueborne
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/May/24
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT210121
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/May/30

Scores

CVSS v3 7.5
EPSS 0.0100
EPSS Percentile 58.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (30)
apple/iphone_os 7.0
apple/iphone_os 7.0.1
apple/iphone_os 7.0.2
apple/iphone_os 7.0.3
apple/iphone_os 7.0.4
apple/iphone_os 7.0.5
apple/iphone_os 7.0.6
apple/iphone_os 7.1
apple/iphone_os 7.1.1
apple/iphone_os 7.1.2
... and 20 more
Published Sep 12, 2017
Tracked Since Feb 18, 2026