CVE-2017-0785:Information disclosure vulnerability in the Android Bluetooth subsystem affecting multiple Android versions (4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0).

splash
Back

Description Preview

This CVE describes an information disclosure vulnerability in the Android system related to the Bluetooth stack. The issue affects Android releases 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 and 8.0 (Android ID: A-63146698). If exploited, the vulnerability could allow an attacker to disclose sensitive information through the Bluetooth subsystem.

Overview

CVE-2017-0785 is an information disclosure vulnerability in the Android Bluetooth subsystem that affects Android versions from 4.4.4 through 8.0. The vulnerability could enable leakage of sensitive data via Bluetooth, potentially exposing device identifiers or other Bluetooth-related information. The issue was disclosed publicly in 2017, with subsequent security updates and advisories addressing the flaw.

Remediation

  • Apply the latest Android security updates and patches from Google and device OEMs to ensure the fix for CVE-2017-0785 is installed.
  • If a patch is not yet available, mitigate by disabling Bluetooth when not in use and keeping the device non-discoverable to reduce exposure.
  • For organizations, enforce patch management through MDM/EMM to ensure devices reach an appropriate security baseline and monitor patch status.
  • Review and follow the Android Security Bulletin 2017-09-01 and related advisories for information about fixed versions and mitigations.

References

  • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
  • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
  • https://source.android.com/security/bulletin/2017-09-01
  • http://www.securitytracker.com/id/1041300
  • http://www.securityfocus.com/bid/100812

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Public Administration: Low
    Public Administration
  2. Manufacturing: Low
    Manufacturing
  3. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  4. Educational Services: Low
    Educational Services
  5. Finance and Insurance: Low
    Finance and Insurance
  6. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  7. Transportation & Warehousing: Low
    Transportation & Warehousing
  8. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  9. Information: Low
    Information
  10. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  11. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  12. Retail Trade: Low
    Retail Trade
  13. Accommodation & Food Services: Low
    Accommodation & Food Services
  14. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  15. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  16. Construction: Low
    Construction
  17. Mining: Low
    Mining
  18. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background