The BlueBorne vulnerability allows remote hackers to gain complete control over a Bluetooth-enabled device even when it is not paired with the hacker's device or even set to discoverable mode. It can affect smartphones, tablets, PCs, and even IoT devices. The software update released for the Galaxy S7 contains a fix for this vulnerability. Samsung has also plugged this vulnerability with a software update for the Galaxy Note 8, Galaxy S5, and the Galaxy A5 (2016).
For other Android smartphones, a fix for the BlueBorne vulnerability was fixed with the September 2017 security patch, but Samsung has plugged the hole on its devices with the August 2017 security patch. These updates are included in firmware versions that include the letter ‘I' in the penultimate position (for example, G930FXXU1DQIC for the Galaxy S7 and N950FXXU1AQI1 for the Galaxy Note 8). The Galaxy S8 and the Galaxy S8+ haven't received this fix yet.
This is the reason why so many Galaxy phones haven't received the September 2017 Android security patch yet. Samsung was busy in rolling out updates to fix the BlueBorne vulnerability, but there's still a chance that the company would roll out the latest Android security patch. If that doesn't happen, the company is most likely to include all the September security fixes with the October security update and roll them out at once.
