With the release of iOS 10.3.3 yesterday, Apple has patched a serious vulnerability in the Broadcom Wi-Fi chip used in recent iPhone, iPad, and iPod touch devices.
Dubbed Broadpwn, the vulnerability was found by Exodus Intelligence researcher Nitay Artenstein.
Meet Broadpwn, a vulnerability in Broadcom's Wi-Fi chipsets which affects millions of Android and iOS devices, and can be triggered remotely, without user interaction. The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices - from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices.
At Blackhat USA 2017 (July 22-24), Artenstein will explain how the bug was found and exploited to achieve full code execution and how they went on to leverage control of the Wi-Fi chip in order to run code in the main application processor.
Here's the security note detailing Apple's Broadpwn fix...
---
Wi-Fi
● Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
● Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
● Description: A memory corruption issue was addressed with improved memory handling.
● CVE-2017-9417: Nitay Artenstein of Exodus Intelligence
---
You can download the new iOS 10.3.3 firmware directly using the links below:
● Where to Download iPhone Firmware From
● Where to Download iPad Firmware From
● Where to Download iPod touch Firmware From
Please follow iClarified on Twitter, Facebook, or RSS for updates.
Dubbed Broadpwn, the vulnerability was found by Exodus Intelligence researcher Nitay Artenstein.
Meet Broadpwn, a vulnerability in Broadcom's Wi-Fi chipsets which affects millions of Android and iOS devices, and can be triggered remotely, without user interaction. The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices - from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices.
At Blackhat USA 2017 (July 22-24), Artenstein will explain how the bug was found and exploited to achieve full code execution and how they went on to leverage control of the Wi-Fi chip in order to run code in the main application processor.
Here's the security note detailing Apple's Broadpwn fix...
---
Wi-Fi
● Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
● Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
● Description: A memory corruption issue was addressed with improved memory handling.
● CVE-2017-9417: Nitay Artenstein of Exodus Intelligence
---
You can download the new iOS 10.3.3 firmware directly using the links below:
● Where to Download iPhone Firmware From
● Where to Download iPad Firmware From
● Where to Download iPod touch Firmware From
Please follow iClarified on Twitter, Facebook, or RSS for updates.