Security News > 2021 > November > CISA urges vendors to patch BrakTooth bugs after exploits release
Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip security bugs impacting multiple vendors, including Intel, Qualcomm, Texas Instruments, and Cypress.
CISA warned vendors Thursday to patch these vulnerabilities after the security researchers released the proof of concept tool to test Bluetooth devices against BrakTooth exploits.
BrakTooth tool now available for vendors to test and guard against Bluetooth vulnerabilities.
The impact associated with the BrakTooth bugs ranges from denial-of-service by crashing the device firmware or freezes via deadlock conditions that block Bluetooth communication to arbitrary code execution that can lead to complete takeover depending on the vulnerable SoC used in the targeted device.
While some vendors have already issued security patches to address the BrakTooth vulnerabilities, it will take months to propagate to all unpatched devices.
A list of impacted vendors tracked by the researchers and their patch status can be found here or in the table embedded below.
News URL
Related news
- Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)