Description
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.
References (5)
Core References
http://www.securityfocus.com/bid/100816 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
https://www.armis.com/blueborne (Technical Description, Third Party Advisory; x_refsource_misc)
http://seclists.org/fulldisclosure/2019/May/24 (Mailing List; mailing-list, x_refsource_fulldisc)
https://support.apple.com/kb/HT210121 (Vendor Advisory; x_refsource_confirm)
https://seclists.org/bugtraq/2019/May/30 (Mailing List; mailing-list, x_refsource_bugtraq)
Scores
CVSS v3: 7.5
EPSS: 0.0100
EPSS Percentile: 58.7%
Attack Vector: ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (30)
apple/iphone_os 7.0
apple/iphone_os 7.0.1
apple/iphone_os 7.0.2
apple/iphone_os 7.0.3
apple/iphone_os 7.0.4
apple/iphone_os 7.0.5
apple/iphone_os 7.0.6
apple/iphone_os 7.1
apple/iphone_os 7.1.1
apple/iphone_os 7.1.2
... and 20 more
Published: Sep 12, 2017
Tracked Since: Feb 18, 2026