Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple’s iOS 11 release prevents backdoor exploit on Wi-Fi chips

Apple's release of iOS 11 patched an out-of-bounds write vulnerability in Wi-Fi chips that, if exploited, could have allowed attackers within range to execute arbitrary code on the firmware.

Designated CVE-2017-11120, the bug was discovered by team researcher Gal Beniamini, and is comparable to the Broadpwn vulnerability found in Broadcom chipsets earlier this year. Following Apple's Sept. 19 update, Google's Project Zero publicly disclosed the bug, as well as a proof-of-concept exploit that inserts a backdoor into the firmware. The backdoor allows remote read/write commands "to be issued to the firmware via crafted action frames (thus allowing easy remote control over the Wi-Fi chip," Beniamini wrote in the official vulnerability report.

Beniamini also discovered CVE-2017-11121, a buffer overflow vulnerability caused by improper validation. Apple grouped the two bugs together on its support page, collectively calling them a "memory corruption issue" that was fixed with "improved memory handling."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.