
Google and Apple Issue Security Updates for Critical Broadcom WiFi Vulnerabilities


CrAKeN


 

Owners of Android and iOS devices should pay special attention to security updates released by Google and Apple on Monday, as they contain fixes for a series of critical bugs affecting their phone's WiFi component.

 

The issues, discovered by Google Project Zero security researcher Gal Beniamini, affect the Broadcom WiFi SoC (Software on Chip), included with many Android and iOS smartphones, and for which both Google and Apple include custom firmware with their OS.

 

Bugs allow remote hacking of Android and iOS devices


According to Beniamini, a stack buffer overflow vulnerability in the Broadcom firmware code allows an attacker in the phone's WiFi range to send and execute code on the device.

 

Depending on the attacker's skills, he can deploy code that takes over the user's device and installs applications without the user's knowledge, such as adware, banking trojans, or ransomware.

 

The possible ways in which these bugs can be leveraged range from evil WiFi spots up to wardriving scenarios.

 

Both companies addressed the issue with updates released on Monday, with Apple releasing iOS 10.3.1, and Google delivering updates via its Android Security Bulletin for April 2017.

 

Beniamini described his findings, in the context of attacking a fully-patched Nexus 6P Android device, in a blog post published today.

 

Broadcom needed four months to patch all issues


The iOS and Android RCE attacks are two of ten flaws Beniamini discovered in Broadcom's WiFi SoC firmware.

 

None of these flaws affected the Android and iOS operating systems per se, but the source code of the Broadcom firmware. Both OS makers had to wait for over four months until the chip maker finally managed to fix all flaws.

 

These security bugs were particularly difficult, both in numbers and complexity, as Broadcom asked Beniamini for an extension to Project Zero's 90-day public disclosure policy so they could finish the patching process.

 

Source

2 hours ago, CrAKeN said:

a series of critical bugs affecting their phone's WiFi component

 

So it doesn't affect Android and iOS tablets then? :rolleyes:

 

Pet hate... iPhone DOES NOT EQUAL iOS!



Archived

This topic is now archived and is closed to further replies.
