Google · Android · CVE-2018-5383
Name of the Vulnerable Software and Affected Versions:
macOS versions prior to 10.13
iOS versions prior to 11.4
Android versions prior to the 2018-06-05 patch
Description:
The issue is related to incorrect validation of cryptographic signatures in Bluetooth drivers for Android, macOS, and iOS operating systems. This can allow an attacker to perform a "man-in-the-middle" attack. The vulnerability is due to insufficient validation of elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
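The check that the description says was insufficient can be shown as a short added example (not code from any of the affected Bluetooth stacks): a received public key is rejected unless its coordinates satisfy the curve equation. The curve (NIST P-256), the 64-byte big-endian X||Y encoding, and all function names are assumptions made for illustration.

```python
# Added example: validate a peer's ECDH public key before using it.
# Assumptions: NIST P-256, affine point encoded as 32-byte X || 32-byte Y (big-endian).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Standard P-256 base point, used here only as a known-valid sample key.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


class InvalidPublicKey(ValueError):
    """Raised when a peer public key must not be used for key agreement."""


def is_on_curve(x: int, y: int) -> bool:
    """True if (x, y) is a point on P-256: y^2 = x^3 + A*x + B (mod P)."""
    # Coordinates must be canonical field elements.
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def encode_point(x: int, y: int) -> bytes:
    """Encode an affine point as X || Y (hypothetical wire format)."""
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")


def parse_peer_public_key(raw: bytes) -> tuple[int, int]:
    """Decode and validate a peer key; raise instead of returning a bad point."""
    if len(raw) != 64:
        raise InvalidPublicKey("expected 64 bytes (X || Y)")
    x = int.from_bytes(raw[:32], "big")
    y = int.from_bytes(raw[32:], "big")
    # P-256 has cofactor 1, so an on-curve affine point is in the right group;
    # the point at infinity has no affine encoding and cannot appear here.
    if not is_on_curve(x, y):
        raise InvalidPublicKey("point is not on the expected curve")
    return x, y


if __name__ == "__main__":
    good = encode_point(GX, GY)
    tampered = encode_point(GX, GY ^ 1)  # constructed: one bit of Y flipped
    print("valid key accepted:", parse_peer_public_key(good) == (GX, GY))
    try:
        parse_peer_public_key(tampered)
    except InvalidPublicKey as exc:
        print("tampered key rejected:", exc)
```

The validation has to run before the private scalar is multiplied with the received point, and a failure should abort the exchange rather than fall back to another path.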
Recommendations:
For macOS versions prior to 10.13, update to version 10.13 or later.
For iOS versions prior to 11.4, update to version 11.4 or later.
For Android versions prior to the 2018-06-05 patch, apply the 2018-06-05 patch or later.