
Broadcom patches chipset flaws that enable remote code execution on Android and iOS devices

A Google Project Zero researcher has detailed a series of vulnerabilities in Broadcom's Wi-Fi chipsets that could potentially allow remote code execution on Android and iOS devices. Attackers could potentially exploit these flaws to completely take over a device through Wi-Fi proximity alone, with no user interaction, Project Zero researcher Gal Beniamini reported in a blog post last Tuesday.

According to Beniamini, Broadcom has patched the vulnerabilities in its chipsets and made the fixes available to all affected vendors. Apple and Google have responded by developing fixes for iOS and Android devices, respectively.

Two of the vulnerabilities are stack overflows that can be triggered when connecting to networks that support wireless roaming features. The other two are heap overflow vulnerabilities found in Tunneled Direct Link Setup connections, which allow peers to exchange data without going through the access point, helping users avoid data bottlenecks.

SC Media reached out to Broadcom for comment.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
