Interesting People mailing list archives
: PSA: Update iPhones/iPads to iOS 10.3.3 NOW to fix serious wifi vulnerability allowing attacker complete control
From: "Dave Farber" <farber () gmail com>
Date: Fri, 21 Jul 2017 03:21:02 -0400
Begin forwarded message:
From: the keyboard of geoff goodfellow <geoff () iconia com> Date: July 21, 2017 at 12:41:49 AM EDT To: Dave Farber <dave () farber net>, Dewayne Hendricks <dewayne () warpspeed com> Cc: ip <ip () listbox com>, "Peter G. Neumann" <neumann () csl sri com> Subject: PSA: Update iPhones/iPads to iOS 10.3.3 NOW to fix serious wifi vulnerability allowing attacker complete control It’s always a good idea to accept iOS dot updates as soon as they are available as they generally have significant security fixes. But iOS 10.3.3, released yesterday, fixes one particularly nasty vulnerability, making a swift update a particularly good idea … Apple’s security document describes it in rather mundane-sounding terms. Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. But what Nitay Artenstein of Exodus Intelligence discovered – and reported to Apple – was that it was able to exploit the issue to ‘run code in the main application processor.’ In other words, gain complete control of your device. The underlying issue is a weakness in the Broadcom BCM43xx family of wifi chips. These are used in every iPhone from the iPhone 5 to iPhone 7, as well as 4th-gen iPad and later, and iPod Touch 6th gen. But Artenstein found a way to leverage control of the wifi chip to then take control of the main processor. Now that the vulnerability is fixed, Artenstein will be sharing full details at the Black Hat conferencenext week. It’s not the first time that a bug has allowed an attacker to take control of an iPhone via wifi. Back in 2015, attackers were able to completely disable any device running iOS 8 within range of a given wifi network. https://9to5mac.com/2017/07/20/broadpwn-wifi-vulnerability-iphone-ipad/ -- Geoff.Goodfellow () iconia com living as The Truth is True http://geoff.livejournal.com
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580 Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170721032112:29EC5774-6DE5-11E7-AAB2-A6E063EC969B Powered by Listbox: http://www.listbox.com
Current thread:
- : PSA: Update iPhones/iPads to iOS 10.3.3 NOW to fix serious wifi vulnerability allowing attacker complete control Dave Farber (Jul 21)