CVE-2017-13160:Remote code execution vulnerability in the Android Bluetooth stack affecting Android 7.0, 7.1.1, 7.1.2 and 8.0 (CVE-2017-13160). An attacker could potentially execute arbitrary code on a device via crafted Bluetooth data, with the issue documented in the December 2017 Android security bulletin.

splash
Back

Description Preview

CVE-2017-13160 is a remote code execution vulnerability in the Android system Bluetooth component. It affects Android versions 7.0, 7.1.1, 7.1.2 and 8.0. The flaw could allow an attacker to run arbitrary code on a affected device by sending specially crafted Bluetooth data, potentially compromising device integrity. The vulnerability was disclosed in the Android Security Bulletin for December 2017 (Android ID A-37160362).

Overview

This CVE describes a remote code execution flaw in Android’s Bluetooth subsystem that impacts multiple Android releases (7.0, 7.1.1, 7.1.2, 8.0). It was publicly documented in the December 2017 Android security bulletin, indicating the severity of the issue and the need for applying the relevant security updates to mitigate the risk.

Remediation

  • Apply the latest Android security updates and patches corresponding to the December 2017 bulletin (or later) to affected devices, ensuring that CVE-2017-13160 is addressed.
  • If timely patching is not possible, disable Bluetooth on devices or keep Bluetooth non-discoverable and restrict pairing to reduce exposure.
  • Enforce device-wide security hardening and patch management in managed environments (e.g., via MDM) to accelerate update rollout and verification.
  • Monitor vendor advisories and CVE references (e.g., Android bulletin 2017-12-01) for any follow-up guidance or fixes and validate patch installation in testing before broad deployment.

References

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Low
    Manufacturing
  2. Public Administration: Low
    Public Administration
  3. Educational Services: Low
    Educational Services
  4. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  5. Transportation & Warehousing: Low
    Transportation & Warehousing
  6. Finance and Insurance: Low
    Finance and Insurance
  7. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  8. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  9. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  10. Retail Trade: Low
    Retail Trade
  11. Accommodation & Food Services: Low
    Accommodation & Food Services
  12. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  13. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  14. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  15. Construction: Low
    Construction
  16. Information: Low
    Information
  17. Mining: Low
    Mining
  18. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background