Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Threat Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple iOS patches Wi-Fi remote memory corruption bug

Exodus Intelligence researcher Nitay Artenstein spotted an iOS memory corruption vulnerability which could allow an attacker to seize control of a user's device.

Apple said the bug would allow a threat actor within range to execute arbitrary code on the device's Wi-Fi chip because of a memory corruption issue, according to a security update.

Apple released a fix for iPhone 5 to iPhone 7, 4th-gen iPad and later, and iPod Touch 6th gen in the iOS 10.3.3 update along with updates for Apple TV, iTunes, Safari, macOS, and Apple Watch but the source of the problem lies in the Broadcom BCM43xx family of Wi-Fi chips which is used a host of devices outside the Apple ecosystem.

Google released a patch for a similar issue affecting Android devices on July 5.

Artenstein will release more details on the vulnerability at his Black Hat USA 2017 presentation on July 27 where he will also disclose how the bug affected Android devices.

“A vulnerability in Broadcom's Wi-Fi chipsets which affects millions of Android and iOS devices, and can be triggered remotely, without user interaction,” the presentation description said. “The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices - from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.