Apple iOS 10.3.3 Update Fixes Crippling Broadpwn Wi-Fi Hack, Update Now

If you own a newer iOS device, you are probably going to want to update to iOS 10.3.3 immediately (if you haven’t already done so). Apple’s iOS 10.3.3 update contains a total of 47 security fixes, but one in particular is gaining attention for its ferocity.

The vulnerability in question is CVE-2017-9417, better known as Broadpwn. Broadpwn can affect the Wi-Fi chips that are widely installed in iOS and Android devices. More specially, Broadpwn targets the Broadcom BCM4354, 4358 and 4359 Wi-Fi chipsets, and can be remotely activated without any direct interaction from the user to execute cote within the operating system.

ios 11 ipad iphone

Apple detailed the exploit in the release notes for iOS 10.3.3, providing a list of affected devices and the scope of the problem:

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

Description: A memory corruption issue was addressed with improved memory handling.

Nitay Artenstein of Exodus Intelligence first discovered the exploit, and said that in addition to the iPhone, Android devices including smartphones from HTC, Google (a patch was provided for these phones in a July security update), LG and that “practically the full range of Samsung flagship devices” are affected.

Artenstein will further discuss the inner working of Broadpwn later this month at the annual Black Hat conference held in Las Vegas, Nevada.


Via:  Apple
Show comments blog comments powered by Disqus