The most reliable source of information about Android vulnerabilities is Google's official Android Security Bulletin:
https://source.android.com/security/bulletin/2017-09-01
Others' recaps can get it wrong. Be especially suspicious if an article doesn't even link to the official bulletin, in which case it may just be trying to paraphrase someone else's paraphrase.
The Blueborne vulnerability corresponds to CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785 in the September security patch.
Google credits Armis Labs for discovering the flaw. Here is Armis's summary of it:
https://www.armis.com/blueborne/