Security News > 2018 > July > The Bluetooth “device snooping bug” – what you need to know

The Bluetooth “device snooping bug” – what you need to know

2018-07-24 11:59

A "Bluetooth snooping" bug, dubbed CVE-2018-5383, was just announced - are you patched, and how can you tell?

News URL

https://nakedsecurity.sophos.com/2018/07/24/the-bluetooth-device-snooping-bug-what-you-need-to-know/

#bluetooth #CVE-2018-5383

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-07	CVE-2018-5383	Improper Verification of Cryptographic Signature vulnerability in multiple products Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. google apple CWE-347	4.3

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Bluetooth		4	3	10	3	0	16

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.