"CISA Urges Vendors To Patch BrakTooth Bugs After Exploits Release"

Researchers from the Singapore University of Technology and Design (SUTD) released public exploit code and a proof of concept (POC) tool to test Bluetooth devices for a set of 16 System-on-a-Chip (SoC) flaws known as BrakTooth. The researchers discovered these security vulnerabilities to be impacting commercial Bluetooth stacks on more than 1,400 chipsets used in billions of devices, including devices such as smartphones, computers, audio devices, Internet of Things (IoT) devices, and industrial equipment. Devices including Dell desktops, MacBooks, iPhones, Volo infotainment systems, and more, are on the list of devices with vulnerable SoCs. The exploitation of these security flaws could result in a Denial-of-Service (DoS) condition through firmware crashes or the complete takeover of a targeted device via Arbitrary Code Execution (ACE). The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) is urging vendors to patch the BrakTooth vulnerabilities after the security researchers made the POC tool available for testing BlueTooth devices against BrakTooth exploits. The federal agency is also asking manufacturers and developers to review details about the vulnerabilities published by the researchers in August, as well as update vulnerable Bluetooth SoC applications or employ workarounds. This article continues to discuss the potential exploitation and impact of the BrakTooth vulnerabilities, along with efforts to address them.

Bleeping Computer reports "CISA Urges Vendors To Patch BrakTooth Bugs After Exploits Release"