: PSA: Update iPhones/iPads to iOS 10.3.3 NOW to fix serious wifi vulnerability allowing attacker complete control

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: July 21, 2017 at 12:41:49 AM EDT
> To: Dave Farber <dave () farber net>, Dewayne Hendricks <dewayne () warpspeed com>
> Cc: ip <ip () listbox com>, "Peter G. Neumann" <neumann () csl sri com>
> Subject: PSA: Update iPhones/iPads to iOS 10.3.3 NOW to fix serious wifi vulnerability allowing attacker complete 
> control
>
> It’s always a good idea to accept iOS dot updates as soon as they are available as they generally have significant 
> security fixes. But iOS 10.3.3, released yesterday, fixes one particularly nasty vulnerability, making a swift update 
> a particularly good idea …
> Apple’s security document describes it in rather mundane-sounding terms.
>
> Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
>
> Description: A memory corruption issue was addressed with improved memory handling.
>
> But what Nitay Artenstein of Exodus Intelligence discovered – and reported to Apple – was that it was able to exploit 
> the issue to ‘run code in the main application processor.’ In other words, gain complete control of your device.
>
> The underlying issue is a weakness in the Broadcom BCM43xx family of wifi chips. These are used in every iPhone from 
> the iPhone 5 to iPhone 7, as well as 4th-gen iPad and later, and iPod Touch 6th gen. But Artenstein found a way to 
> leverage control of the wifi chip to then take control of the main processor.
>
> Now that the vulnerability is fixed, Artenstein will be sharing full details at the Black Hat conferencenext week.
>
> It’s not the first time that a bug has allowed an attacker to take control of an iPhone via wifi. Back in 2015, 
> attackers were able to completely disable any device running iOS 8 within range of a given wifi network.
>
> https://9to5mac.com/2017/07/20/broadpwn-wifi-vulnerability-iphone-ipad/
>
>
> -- 
> Geoff.Goodfellow () iconia com
> living as The Truth is True
> http://geoff.livejournal.com  



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170721032112:29EC5774-6DE5-11E7-AAB2-A6E063EC969B
Powered by Listbox: http://www.listbox.com