Apple’s release of iOS 11 patched an out-of-bounds write vulnerability in Wi-Fi chips that, if exploited, could have allowed attackers within range to execute arbitrary code on the firmware.
Designated CVE-2017-11120, the bug was discovered by Project Zero researcher Gal Beniamini, and is comparable to the Broadpwn vulnerability found in Broadcom chipsets earlier this year. Following Apple’s Sept. 19 update, Google’s Project Zero publicly disclosed the bug, as well as a proof-of-concept exploit that inserts a backdoor into the firmware. The backdoor allows remote read/write commands “to be issued to the firmware via crafted action frames (thus allowing easy remote control over the Wi-Fi chip),” Beniamini wrote in the official vulnerability report.
Beniamini also discovered CVE-2017-11121, a buffer overflow vulnerability caused by improper validation. Apple grouped the two bugs together on its support page, collectively calling them a “memory corruption issue” that was fixed with “improved memory handling.”