The vulnerability in question is CVE-2017-9417, better known as Broadpwn. Broadpwn can affect the Wi-Fi chips that are widely installed in iOS and Android devices. More specifically, Broadpwn targets the Broadcom BCM4354, 4358 and 4359 Wi-Fi chipsets, and can be remotely activated without any direct interaction from the user to execute code within the operating system.
Apple detailed the exploit in the release notes for iOS 10.3.3, providing a list of affected devices and the scope of the problem:
Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
Nitay Artenstein of Exodus Intelligence first discovered the exploit, and said that in addition to the iPhone, Android devices are affected, including smartphones from HTC, Google (a patch was provided for these phones in a July security update) and LG, as well as “practically the full range of Samsung flagship devices.”
Artenstein will further discuss the inner workings of Broadpwn later this month at the annual Black Hat conference held in Las Vegas, Nevada.