Apple fixes wireless-based remote code execution flaw in iOS

Apple released an iOS update Monday to fix a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi

Amazon Auditors Listen to Echo Recordings, Report Says
Why Google partnered with MobileIron – and what they plan to offer
Marcus Hutchins Pleads Guilty To Two Counts Of Banking Malware Creation

Apple released an iOS update Monday to fix a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi chips used in iPhones, iPads and iPods.

The vulnerability is a stack buffer overflow in the feature that handles authentication responses for the fast BSS transition feature of the 802.11r protocol, also known as fast roaming. This feature allows devices to move easily and securely between different wireless base stations in the same domain.

Hackers can exploit the flaw to execute code in the context of the Wi-Fi chip’s firmware if they’re within the wireless range of the targeted devices.

The issue is one of several flaws found by Google Project Zero researcher Gal Beniamini in the firmware of Broadcom Wi-Fi chips. Some of these vulnerabilities also affect Android devices and have been patched as part of Android’s April security bulletin.

To read this article in full or to leave a comment, please click here

Go to Source

COMMENTS