Threat Intelligence Alert: CISA Urges Vendors to Patch BrakTooth Bugs after Exploit Released
Key Details
Pending CVEs - BrakTooth
Disclosure Date – 31st August 2021 (PoC released on the 1st of November)
CVSS Score – N/A
Affected Products – Multiple Vendors: Intel, Qualcomm, Texas Instruments, Cypress (over 1,400 chipsets) - Dell desktops and laptops, MacBooks and iPhones, multiple Microsoft Surface laptop models, Sony and Oppo smartphones, Volvo infotainment systems.
Exploit Released – Yes
Patch Available – Yes
Summary
On the 4th of November, CISA released an advisory regarding a proof-of-concept tool that researchers released on the 1st of November for BrakTooth, a family of vulnerabilities affecting commercial Bluetooth stacks that was initially disclosed in August. Because these vulnerabilities are far-reaching, the exploit affects a multitude of vendors and chipsets (review the above table), and some of these vendors have already released patches for BrakTooth. Upon exploitation, a threat actor could perform arbitrary code execution or Denial of Service attacks.
Mitigation
NCC Group urges our customers to review the above table in the “Affected Products” section that was released by CISA and apply any patches that are available. CISA urges clients to contact their vendors for patches or appropriate workarounds.
NCC Group Actions
The NCC Group Threat Intelligence team is actively monitoring for further reports relating to these vulnerabilities.