PT-2017-2792 · Apple · Ios

Ben Seri +1 · Published 2017-09-12 · Updated 2019-05-14 · CVE-2017-14315

CVSS v2.0: 7.9 (High)

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apple iOS versions 7 through 9

Description

The issue is related to a flaw in the implementation of the Low Energy Audio Protocol (LEAP) in Apple iOS, which can lead to a heap overflow with attacker-controlled data when a large audio command is sent to a targeted device. This overflow can be exploited by an attacker to gain full control of the device, leveraging the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control but requires the default "Bluetooth On" value to be present in Settings.

Recommendations

For Apple iOS versions 7 through 9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2017-02055
CVE-2017-14315

Affected Products

Ios