Update Your iPhone, iPad To Squash Dangerous Wi-Fi Bug
By Shirley Siluk / Enterprise Security Today
PUBLISHED: JULY 20, 2017
Apple yesterday made a number of security updates to its iOS mobile operating system, including a fix for a Wi-Fi chip vulnerability that could let hackers gain wireless access to iPhones and iPads.

The iOS 10.3.3 update addresses nearly four dozen security flaws, one of which, called "Broadpwn," lies in the Broadcom Wi-Fi chip used in many iPhones and Android devices. Google announced an Android fix for Broadpwn earlier this month. Apple's patch is available for the iPhone 5 and later, 4th-generation and later iPads, and the 6th-generation iPod touch.

The vulnerability could allow a remote actor to trigger a memory corruption error via Wi-Fi on a user's mobile device, according to details on Broadpwn from Security Tracker. That error could then enable the hacker to execute arbitrary code on the device without any actions by the user.

Chip Vulnerability on 'Millions' of Devices

Apple credits discovery of the Wi-Fi vulnerability to Nitay Artenstein, a security researcher with Exodus Intelligence. Artenstein is scheduled to discuss his findings later this month during a briefing at the Black Hat information security conference in Las Vegas.

"Remote exploits that compromise Android and iOS devices without user interaction have become an endangered species in recent years," Artenstein said in a description of his coming Black Hat presentation. "Such exploits present a unique challenge: Without access to the rich scripting environment of the browser, exploit developers have been having a hard time bypassing mitigations such as DEP and ASLR."

Rather than targeting a mobile device's operating system, though, Broadpwn takes aim at the Wi-Fi system on chip (SoC) that's used to handle a device's wireless connectivity. The vulnerability exists on "millions" of Android and iOS devices featuring the Broadcom SoC, Artenstein said.

"The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices -- from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices," he noted.

'Critical' Vulnerability, Easy To Deploy

In its July 5 Android Security Bulletin, Google described the severity of the Broadcom vulnerability as "critical." The U.S. Computer Security Resource Center's National Vulnerability Database, which published details about the vulnerability early last month, noted that taking advantage of the security flaw was not complex.

Wi-Fi SoCs are designed to handle a broad range of processing tasks related to wireless networking, Google security researcher Gal Beniamini wrote in an April blog post for Project Zero, Google's research program aimed at finding zero-day exploits. While such SoCs help to reduce power consumption and free up mobile device operating systems to focus on other tasks, they come with a cost, he added.

"Introducing these new pieces of hardware, running proprietary and complex code bases, may weaken the overall security of the devices and introduce vulnerabilities which could compromise the entire system," Beniamini said, adding that Broadcom's Wi-Fi SoCs are the most common Wi-Fi chipsets used on mobile devices.

Beniamini noted that Broadcom has said newer versions of its Wi-Fi SoC use a memory protection unit, "along with several additional hardware security mechanisms." He called such improvements "a step in the right direction."

Image credit: Product shots by Apple.

Jack Smith:
Posted: 2017-07-21 @ 2:30am PT
When news came down of Apple ending development of the AirPort line late last year, we needed to replace and chose the Google WiFi. Love these little guys.

My daughter could never stream video reliably in her room and now she can which makes me a hero.

Huge fan of Google WiFi but the bigger issue is if you have any AirPort hardware you should be looking at replacing ASAP.

We just got another big Broadcom zero day. The last AirPort update from Apple was late last year with 7.7.8. We have had three major zero days since and if you look at the teardowns, the Broadcom SoC is what is inside of the AirPort hardware, so replace with something.

We do NOT need a bunch of insecure hardware in people's homes being leveraged for DDoS.
