Exodus Intelligence researcher Nitay Artenstein spotted an iOS memory corruption vulnerability which could allow an attacker to seize control of a user’s device.
Apple released a fix for iPhone 5 to iPhone 7, 4th-gen iPad and later, and iPod Touch 6th gen in the iOS 10.3.3 update along with updates for Apple TV, iTunes, Safari, macOS, and Apple Watch but the source of the problem lies in the Broadcom BCM43xx family of Wi-Fi chips which is used a host of devices outside the Apple ecosystem.
Google released a patch for a similar issue affecting Android devices on July 5.
Artenstein will release more details on the vulnerability at his Black Hat USA 2017 presentation on July 27 where he will also disclose how the bug affected Android devices.
“A vulnerability in Broadcom’s Wi-Fi chipsets which affects millions of Android and iOS devices, and can be triggered remotely, without user interaction,” the presentation description said. “The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices – from various iPhone models, to HTC, LG, Nexus and practically the full range of Samsung flagship devices.”