CVE-2014-7914

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1

Description The issue allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. This is due to the improper enforcement of the temporary nature of a Bluetooth pairing in the btif/src/btif dm.c file.

Recommendations For Android versions prior to 5.1, update to version 5.1 or later to resolve the issue. As a temporary workaround, consider restricting Bluetooth pairing to trusted devices and avoiding the use of NFC tags from untrusted sources.