A Google Project Zero researcher has detailed a series of vulnerabilities in Broadcom’s Wi-Fi chipsets that could allow remote code execution on Android and iOS devices. Attackers could exploit these flaws to completely take over a device by Wi-Fi proximity alone, with no user interaction, Project Zero researcher Gal Beniamini reported in a blog post last Tuesday.
According to Beniamini, Broadcom has patched the vulnerabilities in its chipsets and made the fixes available to all affected vendors. Apple and Google have responded by developing fixes for iOS and Android devices, respectively.
Two of the vulnerabilities are stack overflows that can be triggered when connecting to networks that support wireless roaming features. The other two are heap overflows found in Tunneled Direct Link Setup (TDLS) connections, which let peers exchange data without going through the access point, helping users avoid data bottlenecks.
SC Media reached out to Broadcom for comment.